The AT&T Consulting Governance, Risk and Compliance offer provides end-to-end consulting and advisory services for information security, governance, risk management, compliance and implementation. A key foundation for information protection and risk management is having a set of clear security policies. These need to be easily understood, up-to-date, fully implemented, complied with and consistently enforced. Our consultants can help you develop, update and/or validate security policies - especially those required for compliance such as: Enterprise Risk Assessments, Regulatory and Industry Standards Assessments and AT&T SureSealSM Security Certified Program.
- Enterprise Risk Assessments
- Regulatory and Industry Standards-based Assessments
- AT&T SureSealSM Security Certified
- Product Briefs
- White Papers
Enterprise Risk Assessments
This service enables you to optimize operational and financial decisions by providing a holistic view of threats, vulnerabilities and business impacts. The assessments help you understand the impact of existing and emerging threats, the adequacy and effectiveness of implemented controls and potential information security policy changes, while measuring compliance with both internal and external policies and regulations.
The key services include:
- Risk Assessment
- Remediation Roadmap
Regulatory and Industry Standards-based Assessments
Based on the compliance needs of the various regulatory and industry standards, we offer compliance assessments that help determine the security and compliance posture of an organization.
The key services include:
- Security Assessment
- Remediation and Implementation
FTC Mandated Assessments
AT&T Consulting provides assessments mandated by the United States Federal Trade Commission to ensure the protection of personal information. Because of the increase in the number of data security breaches, the FTC now requires organizations that fail to protect consumer data to undergo rigorous security assessments. The Security Program Assessment identifies the administrative, physical and technical controls implemented to reasonably protect personal information, based upon the size, complexity, and scope of operations.
The key services include:
- Security Program Assessment
- Initial and Biennial Assessment Planning
HIPAA, HITECH, HITRUST
Recent reports of health record data breaches, and the transformation of healthcare industry data practices and requirements, require assessments and guidance on the implementation of controls that meet the information protection requirements of HIPAA/HITECH/HITRUST. Our assessments help you benchmark security and privacy posture as well as provide insight on how to improve existing compliance controls and address organizational information risk.
Gramm-Leach-Bliley Act (GLBA)
In order to comply with the GLBA mandate, financial institutions are required to identify and assess security risks, plan and implement security solutions to protect sensitive information and establish measures to monitor and manage security systems. The GLBA Assessment Services helps identify immediate security concerns and gaps between the current infrastructure and identified requirements for GLBA compliance, overall system security and projected growth. Using the assessment and gap analysis, we provide prioritized recommendations for improving performance, mitigating risk and ensuring compliance with the identified requirements.
Agreed Upon Procedure (AUP) Assessments
The growing trend for outsourcing business processes to third parties has enabled businesses to focus on core competencies while containing costs. This trend has also increased information security risks by extending access to third parties. It is good business practice to evaluate and address the risks that outsourcing has on your organization, and this is required by some standards and laws, too. Good practices in this area can make all the difference when protecting brand and reputation. Some organizations have hundreds of outsource partners. To address this, the Shared Assessments Program by BITS was established to create standardized processes and methodologies in which to gather information and report information security-related outsourcing risk. As part of this program, AT&T Consulting conduct AUP Assessments based upon the controls and testing procedures established within the AUP so that you can provide an objective view of control implementation.
State Privacy Laws
With the increase in the number of state laws that cover the protection of sensitive information and personally identifiable information, elements of the security program such as Incident Response, Breach Identification and Notification and Identity Theft Prevention need to be strengthened to meet the requirements specified by the state laws. As part of our services, AT&T Consulting conducts a baseline assessment to determine the current compliance status with the applicable state laws, identify gaps, provide recommendations to achieve compliance and improve your overall security posture, as well as offer remediation services to achieve compliance with the State Privacy Laws including Massachusetts and Nevada.
ISO 27001/2 Assessments and Certification
AT&T Consulting performs an assessment of your organization's ISMS using
the ISO 27001 requirements and the Statement of Applicability as the assessment
baseline and /or a comprehensive review of your posture against the controls
indentified within ISO 27002.
Our approach to an ISO 27001/2 Assessment addresses people, technology and processes. AT&T Consulting has an in-depth knowledge of information security standards of good practice and regulatory requirements, as well as considerable experience in providing assessments to and understanding information security management practices.
The key services include:
- Readiness Assessment
- Planning and Implementation
AT&T SureSealSM Security Certified
The AT&T SureSealSM Security Certified Program is designed to assess an enterprise's information security program (or critical business components or applications) and certify that it meets industry standards and applicable regulatory requirements. This Program provides trust and assurance for companies that are required to communicate security practices to third parties and government regulators and can reduce the complexity and expense of multiple redundant compliance initiatives. The assessment phase consists of a detailed assessment of your business, networks and data flow. Typically, this phase is performed through documentation reviews, interviews, and technical analysis. As part of the remediation roadmap service, we provide guidance on the implementation of recommendations to optimize or close the gaps based on the vulnerabilities identified as part of the assessment phase.
- AT&T Consulting: Advanced Persistent Threat Security Assessment
- AT&T Consulting: AT&T SureSealSM Security Certified Program
- AT&T Consulting: Certification Services for the Health Information Trust AllianceTM (HITRUSTTM) – Common Security Framework
- AT&T Consulting: Cloud Services
- AT&T Consulting: Enterprise Security Assessment Services
- AT&T Consulting: Federal Trade Commission Security Program Assessment
- AT&T Consulting: Governance, Risk and Compliance Services
- AT&T Consulting: Incident Management Program Security Services
- AT&T Consulting: ISO Assessment Services: ISO 27001 Overview
- AT&T Consulting: Meaningful Use Security Risk Analysis
- AT&T Security Consulting: Data Loss Prevention Program Management
- AT&T Security Consulting: Information Assurance - Federal Information Security Management Act (FISMA)
- AT&T Security Consulting: Mobility Security Risk Assessment Services: Assess Mobility Security Risks and Help Secure your Mobile Ecosystem
- AT&T Security Consulting: Security Services for NERC Compliance
- HIPAA/HITECH: Security Services for Next Generation Healthcare
- Information Protection Framework: Data Security Compliance and Today’s Healthcare Industry
- Mobility Security Strategy: Lifeline for Next Generation Healthcare
- Patient Healthcare Data and You: Supporting the Move to Value-Based Care