With many different organizations taking in PII, each company needs to manage and protect this data in order to preserve brand reputation and manage third-party risk. These companies typically have both contractual and regulatory obligations to protect this data.
To start out, SecureState will identify what PII your organization stores and where it is stored. We accomplish this through interviews and a data discovery assessment. At this stage, SecureState will also determine any regulatory requirements around that data.
Once we know where the data is and the applicable regulations, SecureState will perform business process mappings, determining where the data comes in and its point of origin. SecureState will examine how the data is processed, stored, and used, determining what departments use it. SecureState will then determine where the data flows outside of the company.
With a full understanding of the data and its flow, SecureState will identify the protections that should be placed on the data, such as network segmentation and isolation, proper logging and monitoring, proper backups, and processes to purge the data. SecureState identifies these protections using risk assessments, technical testing, and network architecture reviews.
Once your company addresses these controls, SecureState can also help you build an actual program to make sure that the data remains secure and protected. Your company will need to adapt to changing regulations and any new devices added to your environment.