
Gap Analysis and Remediation

The Goal

Identify and remediate regulatory compliance gaps that may exist in technical design, security controls, policies, and documentation.

Our Method

Work with technical teams and management through in-depth reviews of current technologies, processes, policies, and team culture to identify control gaps and make technical recommendations on remediation tailored to the current resources, timeline, and organizational culture.

The Result

Urbane provides assessment reporting that includes:

  • Detailed Findings and Observations
  • Tailored Remediation Strategies

Scopes of Assessment

Covering a broad range of compliance standards, Urbane assists organizations in their preparation for compliance assessments or internal attestations through the following key services.

First Time Assessments

Preparing teams for their first-time compliance with a specific standard, Urbane leverages its historical experience and expert technical advice to provide actionable guidance on meeting the requirements. After a thorough review of the processes, technical implementation, and current documents, Urbane provides a tailored and prioritized remediation strategy with clearly defined implementation options to achieve both short- and long-term compliance.

Architecture Change Review

To validate the continuing compliance of an environment, Urbane assists teams during the design and implementation phases of significant environment changes, reviewing and improving the security and compliance of those changes. Whether the change is infrastructure- or application-specific, Urbane considers its technical impact, evaluates the applicable compliance requirements, and determines whether additional controls are required to maintain the state of compliance.

Remediation Design

For groups looking for expert assistance in remediating compliance gaps, Urbane's design and implementation services help achieve business requirements alongside compliance goals. Urbane provides coverage for security control implementation, policy requirements, scope reduction techniques, vulnerability management, and program design.

Compliance Program Management

Assisting both short- and long-term compliance programs, Urbane provides external management of compliance programs. This includes ensuring that appropriate compliance activities are executed, managing the remediation of gaps, validating the remediation of vulnerabilities, and keeping business units apprised of changes to the standards, giving the organization the breadth and depth of coverage needed across the multiple standards its business requires.

Compliance Standards

Urbane excels in delivery with a diverse set of regulatory and compliance standards, including:

PCI DSS

The Payment Card Industry Data Security Standard focuses on the security of cardholder data through 12 key requirements and applies to both merchants and service providers that store, process, or transmit cardholder data.

HITRUST CSF

The HITRUST Common Security Framework (CSF) is a comprehensive, prescriptive, and certifiable framework that covers multiple domains of sensitive and regulated data.

HIPAA

The Health Insurance Portability and Accountability Act is a US law whose Privacy and Security Rules govern the confidentiality, integrity, and availability of protected health information (PHI). It applies to covered entities (healthcare providers, health plans, and clearinghouses) and to the business associates that handle PHI on their behalf.

ISO 27001/27002/27017/27018

ISO's 27000-series standards provide a globally recognized basis for information security programs: ISO 27001 defines the certifiable requirements for an information security management system (ISMS), ISO 27002 is the accompanying catalogue of controls and implementation guidance, ISO 27017 adds cloud-specific controls for cloud service providers and customers, and ISO 27018 covers the protection of personally identifiable information in public clouds.

SOC 2

The Service Organization Control 2 (SOC 2) report, defined by the American Institute of Certified Public Accountants, is an independent attestation of a service organization's controls against the AICPA Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

EU-US Privacy Shield

As the replacement for the US-EU Safe Harbor framework, the EU-US Privacy Shield requirements govern the protection and confidentiality of personal data of EU individuals when it is transferred to and processed by US companies.

NIST SP 800

Published by the US Department of Commerce's National Institute of Standards and Technology, the NIST SP 800 series of special publications covers computer and information security, including security controls and enterprise risk management.

CSA STAR

The Cloud Security Alliance's Security, Trust, & Assurance Registry (STAR) provides both a self-assessment level and a third-party assessment and certification level for the security of cloud platforms.

GLBA

The Gramm-Leach-Bliley Act of 1999, enforced by the US Federal Trade Commission and the federal financial regulators, focuses on the security, confidentiality, and integrity of consumers' nonpublic personal financial information.

FISMA

For service providers delivering solutions to the public sector, the Federal Information Security Management Act requires federal agencies, and the contractors and providers hosting government information and systems on their behalf, to implement risk-based security programs protecting those systems against threats, typically measured against NIST standards.

FedRAMP

Managed by the US General Services Administration, the Federal Risk and Authorization Management Program provides a standardized security assessment and authorization process for cloud products and services used by federal agencies.

The Urbane Difference

Innovative. Sophisticated. Refined.

Urbane demonstrates its founding principles in every engagement through attention to detail, modern techniques, and close partnership with our clients.

Learn what differentiates Urbane

Request more information

Looking to learn more about Urbane and our solutions? Please complete the contact details below for a member of our team to reach out to you with more information about Urbane's Gap Analysis and Remediation solutions.

Your information will be held in the strictest confidence in accordance with our privacy policy and our contact policy.



Other Urbane Solutions That May Interest You

Network Penetration Testing

Focusing on the exposed services, networks, and configurations, network penetration testing (also known as Ethical Hacking) simulates an attacker attempting to gain access to a network and its services through a variety of methods.

Application Penetration Testing

The goal of an application penetration test is to analyze the logic and operation of exposed applications, as an attacker would, in an attempt to access sensitive data, compromise a system, or bypass logic controls.

SDLC Security Integration

Deeply integrating into an organization’s development and project management teams, Urbane's SDLC security program adds security expertise into the various steps of the process to reduce cost and security risks.

Vendor Management

With many regulatory and compliance requirements mandating supplier due-diligence programs, organizations often lack the staff or time to allocate to these efforts. Urbane's knowledge and streamlined vendor assessment framework simplify the process of annual on-site reviews and supplier due diligence.