C2C Service Solutions

Advisory Services

C2C SmartCompliance has a staff of highly experienced consultants who have extensive cross industry business expertise in Governance, Risk, Compliance and Security.

C2C consultants have “been at the table” and have worked at all levels of management to help organizations solve real world business performance and compliance challenges.

Services include:

  • Privacy compliance (inc. ISO 29100)
  • CyberSecurity (NIST CyberSecurity Framework, ISO 27032, NYDFS, FINRA, PAS 555, CIS Controls , G7 Fundamental Elements of CyberSecurity for the Financial Sector and SEC CyberSecurity Guidelines)
  • Financial Services (banking) alignment and compliance
  • Healthcare compliance (HIPAA)
  • Policy Gap Analysis (mapped to specific control libraries and regulatory requirements
  • Security Architecture design
  • Payment Card Industry compliance (PCI/DSS)
  • IT Governance Design & Strategies
  • Security Governance Design & Strategies
  • Business Impact Analysis (BIA) implementation advisory
  • Gap Assessments/Second Party Assessments
  • Implementation Services for Management Systems:
    • ISO 27001 Information Security Management
    • ISO 20000 Service Management
    • ISO 22301 Business Continuity Management
    • ISO 31000 Risk Management
    • ISO 17025 General Requirements for the Competence of Testing and Calibration Laboratories
    • ISO/IEC 38500 IT Governance Management Standard
    • ISO 9001 Quality Management
    • ISO 14001 Environmental Management
    • BS OHSAS 18001/ISO 45001 Health & Safety
    • ISO 27017 Information security controls for Cloud Services
    • ISO 27018 Code of practice for protection of Personally Identifiable Information (PII) in public clouds acting as PII processors
  • Risk Assessment Remediation Management
  • NIST and Federal requirements models based on NIST 800-53, NIST 800-171
  • Vendor Management and Resilience
  • Compliance Management based on ISO 19600
  • Software Asset Management – ISO 55000
  • Secure Development Life-cycle Assurance + Code Reviews
  • Regulatory Change Management + Alerting
  • Extensive Mappings from Policies/Processes providing line of sight across multiple regulatory frameworks
  • Interface to IBM OpenPages