Governance Risk and Control (GRC)
Our GRC process is one of the best ways to continually measure the adequacy of your cybersecurity program.
Guernsey can help you meet regulatory and compliance obligations by implementing a Governance Risk and Control Program. Depending on regulatory or contractual requirements, organizations may be required to be compliant with different cybersecurity frameworks, or to pass a regulatory review or an audit such as a SOC2.
We help you identify the appropriate framework to measure the design and effectiveness of your cybersecurity program. Common frameworks we have helped our clients implement include NERC-CIP, CIS7.1, NIST 800-171, CMMC, HIPAA, and Trust Services Criteria.
We use the Apptega GRC portal to track and measure compliance with control objectives, identify and map control activities, and create processes to collect evidence that controls are completed. We also identify control objectives that are not being met and prioritize recommendations for improvement based on risk.
We have individuals with experience assisting organizations that must comply with various standards mandated by government entities, customers, or industry groups. We can help you build a cybersecurity program that provides security and complies with any applicable standards, including NERC-CIP, PCI, HIPAA, FFIEC, and others. We can also prepare you for SOC2 audits.
You need a team of good guys who are trained to think like the bad guys. That’s where our cybersecurity professionals come in.
Timothy Fawcett, CISSP, CISA, CSSA
Director of Cyber Security Consulting
Tim Fawcett is the Director of Cyber Security Consulting with Guernsey. He has extensive experience in performing risk assessments for IT environments and communicating best practices related to a range of systems and technologies. Tim started his career in information assurance and auditing in 2001. In his career, he has performed IT audits, risk assessments, and cyber threat and vulnerability analyses. Specific project topics include the areas of NERC-CIP compliance, PCI Data Security Standard compliance, ERP system security, application and operating system security configurations, business continuity planning and disaster recovery, physical security, telecommunications, and security architecture and design.
Cyber Security Consultant
Isaac is an experienced pentester who has worked on dozens of penetration tests. Having worked with companies in all fields and of all sizes, he can communicate effectively and promptly with all parties involved. Other than pen testing, he has experience in physical security assessments and forensic work.
GSA Schedule 70
Engage Guernsey through Schedule 70.
Organizations that are eligible to purchase through GSA schedules can engage Guernsey through Schedule 70 - Contractor Awarded Unique Entity ID (DUNS): 062275144