Our Approach to vCISO
Cost-effective compliance and cybersecurity
Security and compliance services are part of our Compliance-as-a-Service model, which includes the governance of both functions, led by our Virtual Chief Information Security Officer (vCISO) model. RKON’s vCISO solution encompasses a range of RKON security services in our monthly, outsourced model. This solution is ideal for companies with compliance needs but insufficient resources and expertise to address them in-house.
Not all organizations can afford a full-time Chief Information Security Officer (CISO) to address regulatory compliance, security, and privacy and their impact on IT infrastructure. Then again, many organizations don’t need a CISO full time, but rather on a more limited basis, which is why we provide Virtual CISO (vCISO) solutions.
WHAT MAKES RKON DIFFERENT?
RKON routinely helps organizations achieve rapid compliance or compliance remediation in as little as 60 days. By understanding the difference between security and compliance, RKON has developed a methodology that greatly simplifies compliance execution.
WHAT TYPES OF ENGAGEMENTS?
Compliance certification: PCI DSS, HITRUST, ISO27001, FISMA, SOX
RKON takes complete ownership of the process, interfacing with management and auditors. We’ve developed a methodology for executing compliance in a best-in-class, cost-effective time frame, regardless of the starting point and current maturity. In addition, clients can tap into a complete security and compliance control toolkit that RKON provides under its Compliance-as-a-Service offering.
RFP/customer requirements certification
There’s a growing trend of clients asking their suppliers to fulfill basic security and compliance requirements as a result of trickle-down compliance with their own certifications. Clients don’t always realize they don’t have to say yes to every compliance requirement. RKON has deep experience in helping clients win RFPs without compromising their integrity or spending excessive amounts of money on expensive tools that fail to deliver any business result or value.
Security and compliance program improvement
This program is for clients who are looking for a standards-based improvement execution plan for a fixed monthly fee over a period of time, where our experts interface as management advisors, auditors, and security execution leaders.
THIRD PARTY ASSURANCE/SUPPLIER AUDITS
Dependencies on 3rd parties can often be overlooked in security terms. However, the access, privilege, and responsibilities of these parties can often provide the weakest link in an organization’s security posture.
RKON can advise, review, and conduct Supplier Audits on behalf of the customer.
Identify and review the current 3rd party supplier list
A review of the current supplier IT Security assurance processes
Review of the Policy and Procedures
Assist the customer with identifying and ranking the risks presented by current 3rd party suppliers
Train internal audit staff to conduct relevant Supplier Audits, or conduct them on the customer's behalf