Standards, Compliance, and Audit Response Framework

This service provides a Compliance Register that can be shared with certified auditors, inquiring regulators, or used as a library to complete those time consuming questionnaires from banks or new customers.   

SOC, HIPAA, PCI, NIST, CCPA, GDPR, etc. are the most common standards I encounter but this depends on your business.  The framework does not include all controls listed for each certification.  I have some of the more common controls in the register, but the full list would need to be purchased separately from the authoring standards organization.  

• A timeline for us to discover your applicable standards, your current level of compliance, and develop your Audit Response Framework.
• A weekly progress check.
• The Standards and Compliance Register that includes 8 attributes for monitoring compliance of selected standards.
• Up to 3 1-hour sessions for discovery of compliance evidence for each standard.
• Compliance analysis and recommendation report.
• A standards and Compliance Management policy customized for your organization.

1.  You submit a request for the Standards, Compliance, and Audit Response Framework.
2. You select an open time on my calendar for a brief 30 minute discovery session to determine if this package is right for you.
3. If you decide to move forward I will send you a contract proposal with a detailed Statement of Work and timeline via email.  Depending on the work required I may break the contract proposal into milestones.  Depending on the duration of the engagement we will sync-up weekly to review progress.  If you prefer, I will sign a Non-Disclosure agreement at this time.
4. Once you accept the proposed contract you will select on open time on my calendar for the first 1-hour session where I will familiarize you with the Standards and Compliance Register, the process for updating it, and assign preliminary owners of controls.  
5. We will interview the attribute owners to discover their current level of compliance.  I will facilitate these sessions if necessary.   
6. Upon completion of all discovery sessions I will prepare and deliver a preliminary version of the Standards and Compliance Register for review by all attribute owners.  The purpose is to gain a holistic view of the targeted standards and compliance across the organization and make final adjustments.  If a session is required to review the preliminary version you will select an open time on my calendar for a 1-hour session.
7. Once the attribute owners have completed final adjustments I will prepare a final version of the Standards and Compliance Register for senior management review.  If a session is required to review the final model you will select an open time on my calendar for a 1-hour session.
8. If the Statement of Work has been divided into milestones, as you approve each milestone, I get paid, and the contract remains open to begin the next milestone.  
9. When you approve the final milestone, the contract is closed and I get paid.