• Home

• Industries
  • Financial Services
  • Government
  • Healthcare
  • Higher Education
  • Legal
  • Public Companies
  • Public Utilities
  • Retail

• Solutions
  • IT Audit Services
  • IT Risk Assessment Services
  • IT Security Planning
  • PCI Compliance Services
  • Application Code Review
  • Vulnerability Scanning
  • Penetration Testing

• News & Events
  • Events
  • Webinars
  • In The News
  • Press Releases

• About Us
  • Overview
  • Management
  • Partners

• Careers

• Contact Us

Policy Development

Information security policies represent one of the most powerful risk management controls that an organization can deploy. Policies establish leadership positions on key control issues throughout the organization and provide clear security and control instructions to management and staff. Our policy development service creates a set of information security policies that are derived from your risk and compliance control programs - ensuring proper alignment of security control objectives and policy requirements.

Coalfire provides templates and advisory services to develop or enhance IT security policies that adhere to ISO 27001 and 27002 standards as well as provide a framework to achieve compliance with GLBA, HIPAA, FISMA, and PCI regulations.

Business Continuity Planning (BCP)

Business Continuity Planning (BCP) is a critical security requirement for any organization that needs to minimize the impact of business or IT service disruption. Coalfire's BCP service is structured to help organizations implement a full lifecycle of business continuity planning.

Processes needed for regular BCP testing and adjustment are:

1. Business Impact Analysis
2. BCP Development
3. Disaster Recovery Plan Development

Incident Response Planning (IRP)

It happens every week: a company loses a set of backup files. An outsider socially engineers company information from an employee. An employee finds suspicious software running on a back-office PC. A laptop is stolen from a senior manager's car. Information security events will happen to every organization. How the organization defines, escalates, addresses and ultimately resolves these events is important to preserve:

• The privacy of your customer and employee information;
• Company credibility, reputation, and image;
• The integrity of your business information.

Our Incident Response Planning service delivers a full set of policies and procedures that are designed to help your organization treat information security incidents, including event escalation, containment, eradication, communication, and post-mortem analysis.

Vendor Management

As recent highly publicized data breaches expose weaknesses in managing data protection throughout integrated systems, leading organizations are establishing vendor management programs to clearly define controls and enforce compliance with their vendors. Coalfire has developed proven templates and processes to manage vendors and service providers in compliance with PCI, GLBA, HIPAA, and other state and federal regulations.