Formal information security functions are vital risk management instruments that continually evaluate the ever-changing threats, vulnerabilities, and risks to organizational assets. As such, information security functions must play a highly visible, cross-functional role within organizational management. Our IT Security Governance development program helps identify the IT security resources, operations, reporting structures, and program responsibilities needed by the organization to:
1. Manage security as an effective, proactive process.
2. Maintain consistent security operations, assessments, and reporting.
3. Build appropriate roles and responsibilities for security oversight and management.
4. Establish accountability for organizational information, assets, and controls.
Sixgold Technologies advises senior management on processes and organizational structure to effectively design controls and enforce compliance with those controls throughout the organization.
Policy Development
Information security policies represent one of the most powerful risk management controls that an organization can deploy. Policies establish leadership's positions on key control issues throughout the organization and provide clear security and control instructions to management and staff. Our Policy Development service creates a set of information security policies that are derived from your risk and compliance control programs, ensuring proper alignment of security control objectives and policy requirements.
Sixgold Technologies provides templates and advisory services to develop or enhance IT Security Policies that adhere to ISO 27001 and 27002 standards as well as provide a framework to achieve compliance with GLBA, HIPAA, FISMA, and PCI regulations.
Business Continuity Planning (BCP)
Business Continuity Planning (BCP) is a critical security requirement for any organization that needs to minimize the impact of business or IT service disruption. Softflexx Technologies's BCP service is structured to help organizations implement a full lifecycle of BCP Planning. Processes needed for regular BCP testing and adjustment:
1. Business Impact Analysis
2. BCP Development
3. Disaster Recovery Plan Development
4. Disaster Recovery Plan Development
Incident Response Planning (IRP)
It happens every week: A company loses a set of backup tapes. An outsider socially engineers company information from an employee. An employee finds suspicious software running on a back office PC. A laptop is stolen from a senior manager's car. Information security events will happen to every organization. How the organization defines, escalates, addresses and ultimately resolves these events is important in preserving:
1. The privacy of your customer and employee information
2. Company credibility, reputation, and image
3. The integrity of your business information.
Our Incident Response Planning service delivers a full set of policies and procedures that are designed to help your organization treat information security incidents, including event escalation, containment, eradication, communication, and post-mortem.
Vendor Management
As recent highly publicized data breaches expose weaknesses in managing data protection throughout integrated processes, leading organizations are establishing vendor management programs to clearly define controls and enforce compliance with vendor organizations. Sixgold Technologies has developed proven templates and processes to manage vendors and service providers in compliance with PCI, GLBA, HIPAA, and other state and federal regulations.