Proof of compliance infosec consulting, program development, and implementation. Small companies attempting to build a complete security assurance programs often find controls development overwhelming. Our team will accelerate your program development and build information security practices that support your policies, security assurance program, and compliance.

Yes!  

Absolutely.  We are a Tugboat Logic Solutions Partner and we’ve developed policies, controls, and evidence collection for customers wishing to support their security assurance programs with internal audit all the way through to SOC 2 Type II attestation.

Tugboat Logic provides a platform, templates, guidance, and evidence submission to external auditors.  However, Tugboat Logic does not offer professional services around the technical aspects of implementing infosec programs. This is where we can assist your executive team, or your information technology team, and implement solutions that make your business more secure and enable you to demonstrate the program to your customers, vendors, and investors.

Your security program is a key ingredient in trust. That trust is extremely important. It helps you safeguard employee attrition; demonstrate to potential recruits that your business is properly structured; secure investment and capital; support the security assurance programs of other companies; reduce supply chain risk; and close deals faster.

Your organization needs to develop the security assurance program from beginning to end internally. Tugboat Logic will expedite and ease that process, but it does not do it for you. If your executive team is involved, you have infosec staff, and you have substantial experience in information technology management then this is something you can absolutely do on your own. However, if any one of those areas feels a bit weak than this is where we will help.  Ultimately your team, Tugboat Logic, and our team come together to develop and implement a turnkey security assurance program.

Why choose TechBento?

Policy Development

While Tugboat Logic’s Information Security Template Generator demystifies the process of setting up a security and compliance program with an easy-to-use automated framework, experienced cyber security professionals understand the relationship of policies on the company. Tugboat Logic will help you create a credible InfoSec document quickly and easily, without the guesswork.  Our team will then work with your executives, staff, and infosec team to spell out the details in a way that will minimize exceptions and clearly describe your intentions to inform the controls.

Integration Implementation

Tugboat Logic Custom Evidence API allows your company to automate collecting any piece of evidence for your InfoSec program.   While some integrations are as simple as flipping a switch, you need to have a tight understanding of what the integration is feeding and how that will impact your assurance assessments and evidence collection.  We provide the technical support for starting the integration as well as the consulting services for how to use it effectively.   We have a proven track record for successfully integrating cloud services, version control, and employee management.

Risk Assessment

If you have never done a risk assessment for your organization, you may be overwhelmed quickly.  Mandatory risk assessment can be dreadful and expensive. TechBento provides crisp, clear, and transparent guidance on what is mission critical and how to evaluate it.  Combined with Tugboat Logic’s risk assessment features we will streamline your risk management and wow your auditors.  Each application, procedure, system, and person comes with infinite risk possibilities — we will guide you and focus the program on materially significant components.

Controls Implementation

Information security controls are measures taken to reduce information security risks such as information systems breaches, data theft, and unauthorized changes to digital information or systems. Depending on the framework you choose, your organization is likely to adopt 60-120 controls.  Controls are fairly specific in their intent, but completely disconnected form implementation.  Most companies struggle to align policies with controls, and later controls with actual information security processes and systems.  TechBento knows this and that’s where our teams will help you the most.   Our system and infosec engineers can work directly with your technology to adjust it for compliance and then support attestation initiatives.

Evidence Processes

Evidence tasks are based on controls, and often are seen as screen shots, data imports, or spreadsheets.  While security assurance automation solutions like TugBoat define the skeleton of your evidence collection and give you the tools to organize it – that’s not everything.  Your IT/management/IS teams need to know exactly what to do, when so that they may prepare the necessary information for evidence collection.  TechBento can help your organization develop the process, procedures, and automation of evidence collection

Audit Readiness

While your auditor may tell you that they are there to help, the reality is that a third-party auditor should be kept at a distance.  Their job is to provide an unbiased and impartial review of your security posture — if are involved in the program development that that is simply not possible.  While some companies may offer multiple services through mutually exclusive business units, your ideal security assurance program keeps their involvement at evidence review. Our team understands what auditors need to see, how they go about reviewing the program, and we will guide you through the process start to finish.

Vendor Risk Management

Vendor risk management can be extremely complex for some organizations while surprisingly simple for others.  The approach and methods you use depend on the criticality of your supply chain and the risks you are willing to accept.  We have worked with hundreds of vendors, assembled our own profiles and our professional services experience can help you make decisions on who is material and why.  We will design and develop a vendor management process that is efficient, keeps costs low, and matches effort with risk.