Compliance / Privacy | AppSec Consulting

Compliance / Privacy

AppSec Consulting partners with many types of organizations, including financial services, retail, ecommerce, healthcare, software, utilities, and hospitality to assist in gap identification and strategic remediation planning for a variety of compliance needs. We have deep knowledge of various regulatory and industry standards, including PCI DSS, HIPAA, FFIEC/OCC, SOC 2, GDPR/Privacy Shield, NIST, and ISO 27001:2013. Our comprehensive process helps you identify gaps and build sustainable programs that can enable business and reduce risk.

Less experienced security firms are focused on narrow interpretations and checking boxes. We understand that every environment is different, and true security and compliance cannot be achieved without a combination of management support, technical implementation, employee awareness, and mature processes. Our experienced staff can help you put context around your business goals, and help you optimize your security, compliance, and privacy programs.

Service Organization Controls (SOC)

Preparation services by our expert team to help you scope, design controls and test procedures, and prepare for an audit.

ISO 27001 Services

Expert assistance navigating the ISO 27001:2013 process to help your organization prepare for certification or develop a sustainable InfoSec Program.

PCI Gap Analysis and Remediation

Comprehensive gap analysis and reporting against the DSS to help your organization prepare for Self Assessment or a Report on Compliance assessment.

Guided SAQ Assessment

Expert assistance to help you understand, properly scope, and fill out all required documentation for a PCI Self-Assessment Questionnaire.

Report on Compliance (ROC) Audit

Comprehensive Level 1 Report on Compliance assessment and attestation services from our team of exceptional Qualified Security Assessors.

ASV Services

Quarterly network scans and expert advice to help you meet your quarterly PCI scanning requirements.

Data Privacy (GDPR/EU/US Privacy Shield)

Our experienced staff will help you meet your privacy and compliance goals in a manner best suited to your unique requirements.

Outsourced Data Protection Officer (DPO) Services

Our outsourced DPO services are designed to help you meet data privacy requirements such as GDPR without the expense and headaches that come with training or hiring a full-time resource.

Data Privacy (California Consumer Privacy Act)

Our team of Privacy Experts will help you meet new requirements impacting businesses that collect personal information of California consumers.

Find out more about how AppSec Consulting can help you with your Security and Compliance program.

Contact us

From the Blog

How organizations can prepare for and contain the inevitable; a cyber breach

Tim Jensen / September 12, 2019

It’s not a matter of ‘if’ your organization will experience a cyber-attack, but ‘when’. That’s BSI’s approach to cyber security and information resilience, through either our advisory services or certification and training. We help thousands of organizations around the world embed excellence with a focus on Organizational Resilience. One of the best ways for organizations to manage and protect their information assets is to implement ISO/IEC 27001, the internationally recognized information security management standard. Cyber-attacks are commonplace at this point; the blog post below discusses one of the most recent; an attack on twenty-two local governments in the state of Texas. Unfortunately, this is just the latest in a string of attacks on government entities, which includes the attack on the City of Baltimore earlier this year. Below, Stephen Haywood and Tim Jensen, discuss what companies should be aware of, what they need to think about, and what they can do to prepare for data breaches.