Products and Services

Introduction | Policy Management System | Compliance Consulting
Compliance Tools  |  Compliance Monitoring

Compliance Consulting

Our experienced consultants provide focused solutions for any customer organization that needs to enhance its status relative to regulatory compliance, security and disaster recovery.  Our consulting services are designed to build self-managed compliance management programs that meet requirements of governance, tracking and reporting.  We place emphasis on training, so there is no need to continually fund expensive on-going consultant-type projects.  We also ensure that all relevant factors are included in the planning process.  As necessary, we will coordinate additional external resources as necessary.  Integration of compliance activities into all areas of your organization is of vital importance to the overall success of compliance implementation.

Compliance Assessment

We can perform an overall Compliance Gap Analysis, which will identify best practices as well as gaps.  Closing the gaps will assure that an organization will meet the spirit as well as the letter of the relevant governing regulation.  We have first hand experience with GLBA, HIPAA and Patriot Act as well as any technology-related compliance reporting systems.

We can perform a Compliance Risk Analysis, which will provide quantitative estimates of what can happen, potential impact and overall risk.  This can be used to justify the implementation of compliance-related tools, processes and technology. 

Compliance Remediation Services

We are expert in developing the range of Policy, Standards and Procedures in order to meet compliance needs.  We can work to tailor the Meta Security Group’s Command Center to fit the industry, the organization and the particular needs of any client.  Once this tool is licensed, then it can be maintained and used without need for further consulting assistance.  In the absence of the Command Center tool, we can develop policy, standards and procedures to fit the organization’s operational approach and culture.

We provide a full range of Compliance Implementation Services, ranging from “over the shoulder” advice to the turn-key development of an implementation plan.  Our work-flow experts can map processes, develop procedures and even help with the organizational development activities, including hiring and training.  We can also outline and develop business processes to support a policy implementation, including the development of a procedural framework, or even the writing of procedures.

Data Security

We provide a full range of Security Consulting Services, to include security reviews, security management services and guidance in choosing and implementing security products.  Our Principals have managed best in class security organizations, and can provide expert help in setting up and managing information security in both large and small organizations. 

We can perform a full range of Vulnerability Testing Services, to including system penetrations, web application testing, security reviews and third party assessments.  Testing can be in the role of an outsider with no access to internal systems, or as an insider, with normal employee access to systems.  Testing can be focused on the network, on an individual application or on a set of services.  One of the important requirements of both Gramm-Leach-Bliley and HIPAA regulations is the assurance that third party service providers meet the internal security standards of the client.  We can provide that assurance.

One of the critical issues in security is Vulnerability Management, which is very difficult, given the daily barrage of vulnerability alerts for various vendor products.  We can provide a patch management process and a tool to help manage this almost intractable problem. 

Business Continuity and Disaster Recovery

Business continuity, which commonly is an organization-wide issue, and disaster recovery, which commonly is an IT issue, are both critical success factors for most compliance regulations.  Our Business Continuity and Disaster recovery Consulting Services provide expert assessment, analysis and advice regarding these difficult to implement needs.

A Business Impact Analysis will range from a simple questionnaire to an in-depth analysis of those informational assets subject to risk from disclosure, modification or destruction.  These assets include computer applications, data and the systems which process them.  Each area is screened for criticality and sensitivity, and a decision analysis process is used to determine the priority and degree of protection or disaster recovery necessary.  Automated tools are employed to make the process cost effective. 

Our Testing and Remediation Services will assure that the proper components of recovery planning are tested.  We can assist in planning and conducting “table top” walkthroughs.  We can develop test scenarios and test plans, and provide independent third party evaluations of the conduct of tests.