SynoTek, LLC

SynoTek, LLC

Governance, Risk Managment, Compliance (GRC)

We can develop the solution for your GRC/Security/Privacy implementation, perform and monitor execution of assessments of information systems against multiple frameworks as well as overall risk management.

GRC/Security/Privacy frameworks include:

GRC for cloud platforms, Compliance as Code

Federal Risk and Authorization Management Program (FedRAMP)

National Institute of Standards and Technology (NIST) Risk Management Framework (NIST RMF)

National Institute of Standards and Technology (NIST) Cybersecurity Framework (NIST CSF)

Federal Information Systems Management Act (FISMA)

Center for Medicare & Medicaid Services (CMS) Minimum Acceptable Risk Standards for Exchanges (MARS-E)

Health Information Portability and Accountability Act (HIPAA) Security Rule (HSR)

Department of Commerce Privacy Shield

Cloud Security Alliance (CSA)

International Organization for Standardization (ISO) 27000 Series

General Data Protection Regulation (GDPR)

Center for Internet Security (CIS) Benchmarks

Center for Internet Security (CIS) Critical Security Controls

Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIGS)

Information Technology Infrastructure Library (ITIL)

Control Objectives for Information and Related Technologies (COBIT)

Payment Card Industry Data Security Standards (PCI-DSS)

Certified and Experienced

Experience
CISO for a FedRAMP Authorized Cloud Service Provider.
Information Security System Manager for ISSLoB for Department of Interior (Contractor)
ISSO for Department of Commerce (Contractor)
Performing security assessments and auditing of Federal government information systems.

Frameworks and requirements include:
Federal Government (also applies to Local and State Government and Contracting companies):
NIST Cybersecurity Framework
NIST Risk Management Framework (RMF) - NIST SP-800-37
Security and Privacy Controls for Federal Information Systems and Organizations - NIST SP 800-53
Information System Continuous Monitoring (ISCM) - NIST SP 800-137
Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations - NIST SP 800-171
DoD SRG IL2, DoD SRG IL4, and DoD SRG IL5 - Defense Information Systems Agency (DISA)
Privacy Governance
Privacy Shield as required by Federal Trade Commission (FTC)
General Data Protection Regulation (GDPR)
Health Information
Health Information Privacy and Accountability Act (HIPAA) Security Rule - Health and Human Services (HHS)
Health Information Technology for Economic and Clinical Health Act (HITECH) - Health and Human Services (HHS)
CMS MARS-E
Law Enforcement
Criminal Justice Information Services (CJIS) - Federal Bureau of Investigations (FBI)

Certifications
C|CISO - Certified Chief Information Officer - EC Council
CISSP-ISSMP - Certified Information System Security Professional - Information System Security Management Professional - (ISC)2
CGRC - Certified Governance, Risk, and Compliance - (ISC(2
CISA - Certified Information System Auditor - ISACA
PMP - Project Management Professional - PMI
ITIL Foundation - AXELOS
Microsoft - Microsoft Certified Azure Fundamentals (AZ-900)

Personal data is collected by SYNOTEK, LLC and processed regarding prospective and current clients and employees/agents of those clients for the purpose of rendering professional services to SYNOTEK, LLC’s clients. Personal data may be processed in limited circumstances pertaining to the general public in order to respond to requests for information submitted via SYNOTEK, LLC’s website. Should such a request be received from the general public, SYNOTEK, LLC will use the personal data voluntarily provided via the website to reply providing the requested information or communication to the individual making the request.

SynoTek, LLC Privacy and Cookie Policy per FTC Privacy Shield

Policy and Cookie Policy - FTC Privacy Shield