RISC Management & Consulting is an organization specializing in data privacy and information security regulations and frameworks, focused on healthcare, financial, and commercial sectors. RISC assists its clients in understanding the requirements of federal and state regulations, industry requirements, and best practice frameworks as they apply to sensitive information. RISC assists its clients in evaluating, remediating, and monitoring the risk to sensitive information, the infrastructure upon which it is transmitted, and the systems and applications in which it resides. In addition, RISC provides third party assessment and validation of information privacy and security controls to achieve compliance with applicable laws and standards. RISC Consultants are experts in legal requirements, industry standards, and frameworks including HIPAA, GDPR, ISO 27001 & 27002, PCI-DSS, GLBA, FFIEC, State Level information security laws., and many more. RISC can assist any organization with projects, ongoing support, fully managed, and outsourced assistance in the following areas: - Risk Assessment / Risk Analysis - Vulnerability Assessment / PEN Test / Application Fuzz Testing / Black Box Testing - Policy development, editing, gap assessment, cross-indexing with various laws and frameworks, policy hosting on our Internal Controls Framework (ICF) platform - Procedure development, editing, hosting to support policies - Process Flow development, design, documentation - Business Continuity Planning (BCP) development, review, testing, or exercise - Disaster Recovery Planning (DRP) development, review, testing, or exercise - Business Impact Analysis (BIA) development, updating, documenting - Data Loss Prevention (DLP) assessments, purchase, implementation, ongoing management - Social Engineering Tests on-site, phishing, phone-based - Cloud Security planning, architecture, implementation, assessment, and documentation