
Governance Risk & Compliance as a Service (GRC aaS)

Our Security Engineers have extensive experience in managing and running compliance audits including ISO, PCI, SOC, and many others. Lockard is focused on working with your teams to prepare them for the most hostile auditors. Aiming for that mark ensures you are prepared and ready to provide evidence of compliance.

COMPLIANCE PROTECTION EXPERTISE INCLUDES:

  1. PCI-DSS
  2. HIPAA
  3. GDPR
  4. DISA-STIG
  5. NERC-CIP
  6. NIST

Security compliance requires every technology in use at the business to be securely managed and maintained. Our Endpoint Protection, Network Protection and Hosting Protection covered above address these requirements.

Additional Security Technologies and control requirements are needed:

Technology Hardware & Software:

● Security Information Event Management (SIEM)
  ○ AlienVault USM
● Log Aggregation and Long Term Storage
  ○ Example: ELK Stack Pushed To AWS S3 / Dropbox / Google Drive / Box
● IT Asset Discovery & Inventory
  ○ Hardware & Software
● Physical Security Requirements include:
  ○ CCTV / DVR System At All Ingress / Egress
  ○ Badging In/Out Door Locks

Documentation Of Policies, Standards & Reporting:

● Compliance Reporting
● Security Standards & Policy Creation & Enforcement including:
  ○ In-depth Documentation of Acceptable Use Policy
  ○ In-depth Documentation of Data Classification Policy
  ○ In-depth Documentation of Data Destruction Policy
  ○ In-depth Documentation of Disaster Recovery / Business Continuity Plan
  ○ In-depth Documentation of Infrastructure Architecture & Data Flow
  ○ In-depth Documentation of Incident Response Plan (IRP)
  ○ Non-Disclosure Agreement