The CyberValent Plus program is tailored to assist you in passing ongoing audits and maintaining compliance with SOC 2, HIPAA, or ISO 27001 in the desired GRC structure of your choice.

The Plus program builds upon the Core program by including the following:

GRC Implementation

Integrate automated evidence collection, map all controls and evidence accurately, troubleshoot errors and failing tests, assign responsibilities, and manage the platform for optimal performance.

Compliance Readiness

Assess compliance goals, review the current posture, prioritize critical gaps, and provide realistic timelines for all work-streams related to the compliance objective.

Custom Policy & Procedure Creation

Develop tailored policies and procedures based on the business context, operating environment, risk tolerance, ownership, and best practice recommendations.

Evaluate and Develop Effective Controls

Design, customize, implement, and test controls within the business context and operating environment; align with risk tolerance, ownership, and best practice recommendations.

External Audit Management

Act as the main contact with auditors (if desired), represent the security and compliance program to external parties, manage discussions, and involve client teams only when necessary. Provide coaching on managing the audit experience.

Penetration Test Support

Help identify the scope and appropriate levels of penetration testing, explain key differences, recommend vendors, and evaluate options for optimal resource use.

Initial Risk Assessment

Perform a basic, compliance-ready risk assessment to create a foundational risk register, assign risk owners, and develop action plans and priorities.

Tabletop Exercises

Organize and document two tabletop scenarios: one for disaster recovery and one for incident response.

Vendor Risk Management

Create and formalize SOPs for vendor risk management, particularly procurement and evaluations, and centrally manage vendor assessments.

Foundational Vulnerability Management

Establish policies and SOPs for patch and vulnerability management, including CI/CD processes, for infrastructure, code, applications, and workstations.

Foundational Incident Management Development

Develop policies and SOPs for incident management, including conducting a tabletop test and a lessons learned feedback loop exercise.

Foundational Business Continuity & Disaster Recovery Development (BC/DR)

Formulate policies and SOPs for BC/DR, including conducting a tabletop test and a lessons learned feedback loop exercise.

Foundational Threat Management Development

Create policies, SOPs, and a technical stack (including log configuration) to ensure proper threat visibility, forensic trails, and investigation capabilities.