Compliance / Privacy | AppSec Consulting

Compliance / Privacy

AppSec Consulting partners with many types of organizations, including financial services, retail, ecommerce, healthcare, software, utilities, and hospitality to assist in gap identification and strategic remediation planning for a variety of compliance needs. We have deep knowledge of various regulatory and industry standards, including PCI DSS, HIPAA, FFIEC/OCC, SOC 2, GDPR/Privacy Shield, NIST, and ISO 27001:2013. Our comprehensive process helps you identify gaps and build sustainable programs that can enable business and reduce risk.

Less experienced security firms are focused on narrow interpretations and checking boxes. We understand that every environment is different, and true security and compliance cannot be achieved without a combination of management support, technical implementation, employee awareness, and mature processes. Our experienced staff can help you put context around your business goals, and help you optimize your security, compliance, and privacy programs.

Service Organization Controls (SOC)

Preparation services by our expert team to help you scope, design controls and test procedures, and prepare for an audit.

ISO 27001 Services

Expert assistance navigating the ISO 27001:2013 process to help your organization prepare for certification or develop a sustainable InfoSec Program.

PCI Gap Analysis and Remediation

Comprehensive gap analysis and reporting against the DSS to help your organization prepare for Self Assessment or a Report on Compliance assessment.

Guided SAQ Assessment

Expert assistance to help you understand, properly scope, and fill out all required documentation for a PCI Self-Assessment Questionnaire.

Report on Compliance (ROC) Audit

Comprehensive Level 1 Report on Compliance assessment and attestation services from our team of exceptional Qualified Security Assessors.

ASV Services

Quarterly network scans and expert advice to help you meet your quarterly PCI scanning requirements.

Data Privacy (GDPR/EU/US Privacy Shield)

Our experienced staff will help you meet your privacy and compliance goals in a manner best suited to your unique requirements.

Outsourced Data Protection Officer (DPO) Services

Our outsourced DPO services are designed to help you meet data privacy requirements such as GDPR without the expense and headaches that come with training or hiring a full-time resource.

Find out more about how AppSec Consulting can help you with your Security and Compliance program.

Contact us

From the Blog

Securing Third Party JavaScript

Jeremy Mount / August 20, 2018

Many, if not most web applications use some kind of third party JavaScript. These scripts provide useful functionality and services such as analytics, social media integration, data services, user interface features, chat capabilities and so on, however they also present a substantial risk to the confidentiality and integrity of your application and the data contained within. This is not a new topic in application security, however many companies still fail to consider or fully understand the security implications of adding code from third parties to their applications.