Compliance / Privacy | AppSec Consulting

Compliance / Privacy

AppSec Consulting partners with many types of organizations, including financial services, retail, ecommerce, healthcare, software, utilities, and hospitality to assist in gap identification and strategic remediation planning for a variety of compliance needs. We have deep knowledge of various regulatory and industry standards, including PCI DSS, HIPAA, FFIEC/OCC, SOC 2, GDPR/Privacy Shield, NIST, and ISO 27001:2013. Our comprehensive process helps you identify gaps and build sustainable programs that can enable business and reduce risk.

Less experienced security firms are focused on narrow interpretations and checking boxes. We understand that every environment is different, and true security and compliance cannot be achieved without a combination of management support, technical implementation, employee awareness, and mature processes. Our experienced staff can help you put context around your business goals, and help you optimize your security, compliance, and privacy programs.

Service Organization Controls (SOC)

Preparation services by our expert team to help you scope, design controls and test procedures, and prepare for an audit.

ISO 27001 Services

Expert assistance navigating the ISO 27001:2013 process to help your organization prepare for certification or develop a sustainable InfoSec Program.

PCI Gap Analysis and Remediation

Comprehensive gap analysis and reporting against the DSS to help your organization prepare for Self Assessment or a Report on Compliance assessment.

Guided SAQ Assessment

Expert assistance to help you understand, properly scope, and fill out all required documentation for a PCI Self-Assessment Questionnaire.

Report on Compliance (ROC) Audit

Comprehensive Level 1 Report on Compliance assessment and attestation services from our team of exceptional Qualified Security Assessors.

ASV Services

Quarterly network scans and expert advice to help you meet your quarterly PCI scanning requirements.

Data Privacy (GDPR/EU/US Privacy Shield)

Our experienced staff will help you meet your privacy and compliance goals in a manner best suited to your unique requirements.

Outsourced Data Protection Officer (DPO) Services

Our outsourced DPO services are designed to help you meet data privacy requirements such as GDPR without the expense and headaches that come with training or hiring a full-time resource.

Data Privacy (California Consumer Privacy Act)

Our team of Privacy Experts will help you meet new requirements impacting businesses that collect personal information of California consumers.

Find out more about how AppSec Consulting can help you with your Security and Compliance program.

Contact us

From the Blog

Who’s Managing your LAPS Implementation

Michael Becher / January 07, 2020

In May 2015, Microsoft released a password management tool to combat the rising abuse of encrypted passwords (which effectively became encoded when Microsoft released the key) stored in Group Policy Preferences, or worse, in cleartext scripts pushed via GPO. Every domain user was able to access these preferences and scripts in the ‘SYSVOL’ share and could obtain the single local administrator password for all machines on the domain, which would provide total lateral movement opportunities within the domain. The necessary problem here is that at least one user has to be able to see these LAPS passwords to administer the process. Who within your domain has this power? You might be surprised at how often this is overlooked, thus leading to the availability of all these passwords to more users than intended.