Identify Vulnerabilities to Reduce Risks
Get support from our team of security and compliance experts to enable your organization to meet any regulatory obligation.
Gap Assessment
Regulatory and Compliance Guidance
What is a Gap Assessment?
Identify the steps needed to reduce risk and pass audits
Whether it’s a government body, a contractual obligation with a customer, an industry requirement, a private-sector framework, or a nonprofit authority, organizations often have a set of rules and security controls they must adhere to. To ensure you can earn contracts, stay accredited, and stay certified, identifying where you currently fall short in your administrative, physical, and technical security is a crucial step.
How can we help?
Speak with one of our security experts to get started on your path to meeting your regulatory obligations.
How does FRSecure approach gap assessments?
After determining which regulation(s) your organization must adhere to, FRSecure analysts will work with your team to understand which capabilities and controls are in place—ultimately helping you identify shortcomings in your requirements. With an emphasis on improving your overall security fundamentals, compliance falls naturally in place after that. Because of this, we can support a wide range of requirements across almost any industry.
Gap Assessment Steps
Interview Staff
It’s important to talk to the staff who are responsible for each area of the requirement in question. We need to see whether those staff understand how their daily functions affect the security program and its requirements.
Review Evidence
After the interviews are conducted, our analysts take the information gathered, compare what staff described with the evidence of what’s actually being done, and identify any discrepancies between the two.
Develop Roadmap
Once the evidence is reviewed, the analyst can determine where the organization falls short of the regulatory requirements. They then develop a detailed plan outlining the to-dos, timeline, and cost needed to comply.
AWIA
FFIEC
CCPA
CIS
HIPAA
FINRA
PCI
CMMC
FERC/NERC
NYDFS
SOPPA
NIST 800-53
NIST 800-171
NIST CSF
GLBA Safeguards Compliance
Gap Assessment FAQ
FRSecure uses a risk assessment methodology and platform called S2. The final report lists the specific controls you need to adhere to and maps them to the corresponding controls in S2. For each control, it also states whether it is being met, not being met, or not applicable.
It typically takes between 4 and 16 hours to conduct interviews with your staff. In total, the entire engagement takes anywhere from 4 to 6 weeks to complete.
On average, regulatory requirements need to be met every 1 to 2 years, so gap assessments need to be conducted at least that often. It cannot be a one-and-done—it must be an ongoing process.
It is crucial to us that we stay objective when handling cybersecurity services. Grading your own paper is an easy way to bring unintentional bias, leading to a false sense of security. We help improve security programs and determine gaps in compliance—but we stop there.
The FRSecure Way
Why work with FRSecure?
Expertise
FRSecure has been in business for over 10 years, and our team has more than 300 years of combined experience working in information security and holds 30 different kinds of certifications. When it comes to growing a security program that complies with regulatory standards, you have the benefit of that experience in your corner.
Mission
Our mission at FRSecure is to fix the broken information security industry. Not only do we help you comply with standards, but we also solve as many weaknesses as we can in your security environment. We are dedicated to making real, lasting, impactful changes to your security program.
Style
Our style isn’t “cookie cutter.” We recognize that each organization is different, and every security program is at a different stage of maturity. We get to know your security program intimately, use assessments to determine what your strengths and weaknesses are, and then apply industry best practices to provide next steps that’ll help you meet regulatory requirements.
Focus
Information security is all we do. We don’t do IT, sell hardware, or provide telco services. We only do security. Because of this, our team can provide unbiased recommendations that will actually make a dramatic impact on the way you do security. We work hard to be a partner—collaborating with and educating your team every step of the way.