WHAT'S INCLUDED

Our Sprint plan is designed to help you get your audit report rapidly for SOC 2, HIPAA, or ISO 27001 in your GRC of choice. We will be available and responsive to questions pertaining to strategic level decisions, educating your team on standard practice within the compliance world (specifically related to companies just like you), and generally helping to direct the compliance goals of the organization.

GRC Implementation: Enable integrations for automated evidence collection, ensure proper mapping for all controls and evidence, troubleshoot all errors and failing tests, assign ownership, and manage the platform for optimal implementation.
Compliance Readiness: Evaluate Compliance goals, high-level review of existing posture, prioritize critical gaps, and provide achievable timelines for all workstreams associated with the specific Compliance objective
Custom Policy & Procedure Creation: Tailor Policies & Procedures for the business context and operating environment, risk tolerance, ownership, and best practice recommendations.
Evaluate and Develop effective Controls: Create, customize, deploy and test Controls within the buiness context and operating environment; design for risk tolerance, ownership, and best practice recommendations
External Audit Management: Serve as the primary POC with Auditors (if desired), represent the security and compliance program to all external parties, manage the discussions and direct towards client teams only as needed, client coaching for how to manage the audit experience.
Penetration Test Support: Assist with identifying scope and proper levels of penetration testing, discuss key differences, recommend Vendors, evaluate options for best use of limited resources.
Initial Risk Assessment: Execute basic, Compliance-ready Risk Assessment to establish a foundational Risk Register, assign Risk owners, action plans, and priorities.
Tabletop Exercises: Manage and document two tabletop scenarios: one for Disaster Recovery, one for Incident Response.
Vendor Risk Management: Develop and formalize SOPs for Vendor Risk Management, especially procurement and evaluations; centrally manage Vendor assessments.
Foundational Vulnerability Management: Create Policies and supporting SOPs for Patch and Vulnerability management, including CI/CD processes, for infrastructure, code, applications, and workstations.
Foundational Incident Management development: Create Policies and supporting SOPs for Incident Management, including one tabletop test and Lessons Learned feedback loop exercise.
Foundational Business Continuity & Disaster Recovery Development (BC/DR): Create Policies and supporting SOPs for BC/DR, including one tabletop test and Lessons Learned feedback loop exercise.
Foundational Threat Management development: Create Policies, supporting SOPs, and technical stack (including log configuration) to ensure proper foundational elements for Threat visibility, sound forensic trails, and investigations.

RESPONSE TIMES

You will be assigned a Security Advisor who will be available 8am - 5pm in their local time zone, Monday through Friday, except on bank holidays, company offsites, and company breaks, all of which will be communicated prior. We recognize that security and compliance are 24/7 priorities and are best able to exceed your expectations when we invest in our workforce's Learning & Development and dedicated time to recharge.  

You will receive weekly status updates that include what was done, what's next, and whether your initiatives are on schedule.  

For straightforward questions (e.g. list of potential vendors) asked before 3pm in your account manager's timezone, you can expect answers the same day.

For more complex questions (e.g. policy changes) asked before 3pm, you can expect a response the same day indicating an estimated timeline for an answer or completion.  While account teams work with multiple clients simultaneously, we maintain an industry-leading ratio to ensure that we accelerate your security and compliance programs. We are an award-winning firm because we have helped 200+ organizations get audit-ready ahead of schedule. 

TOOLING

One of the most frustrating aspects of interacting with consulting firms is that they largely only know how to use their own in-house tools, and none of those tools are collaborative. We went the opposite approach and embraced the tools that our customers are familiar with, so that we build an experience where Eden truly feels like a part of your team. Some of those tools include:

We create a Slack Connect channel with all of our customers so that continuous communication can be established

Our team tracks tasks, milestones, and deliverables from our customized portal and we also grant your team access for continuous visibility.

We’ll share policy documents for your review and store any key compliance documentation or reports.

Fellow is our source of truth for check-ins, allowing us to create agendas for every meeting and take collaborative notes during the meeting.

SPRINT

WHAT'S INCLUDED

RESPONSE TIMES

TOOLING