Ekko Services

We specialize in the implementation of Information Security Management Systems based on the ISO27002 specification and ISO27001 certification standards. In addition, we provide a broad range of compliance and business process improvement services.

We are a recognized and experienced ISO27001/27018 pre-certification consulting firm. We have implemented numerous management systems with our clients and work with the leading external certification firms.

EKKO’s approach helps you develop a company-wide program to address your organization's compliance requirements, whether driven by regulatory, legal or privacy-related concerns.

Designed and executed appropriately, a good risk management program can reduce costs, focus security controls and provide a common framework from which appropriate decisions can be made.

Develop BCP and DR plans to reduce your availability risks to an acceptable level.

EKKO provides a variety of services in preparing for or reporting on internal controls for Service Organizations.

We leverage the Cloud Security Alliance CCM and CSA STAR frameworks. Cloud security architecture and security reviews.

Our security team performs infrastructure and web application penetration tests of your systems and applications and provides you with a risk-based report highlighting issues from an attacker's point of view. EKKO also conducts code-level security reviews.

Leverage EKKO's team to assist you with defining your security architecture and strategy. SABSA and the Cyber Security Framework are core to these service offerings.

EKKO's identity and access management services are designed to help organizations solve the issues often found within identity and access management systems. We specialize in defining current state scenarios and helping you plan for managing identities and access, including privileged access within your environment.

ISO27000

We are a recognized and experienced ISO27001/27018 pre-certification consulting firm. The ISO27001:2013 International Standard has been prepared to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS).

We have worked with many leading startups and enterprises on their successful, cost-effective and expedient journey to ISO27001/27018 certification.

Introduction
Process
Benefits
Results
  • Business drivers such as customer sales, regulatory compliance and competitive advantage increase the need for a reputable and recognized security management system that demonstrates good corporate security practices when dealing with information.

    The ISO27001:2005 Information Security Management System and ISO27002 Specification for Information Security are the de facto global standards by which an organization's security processes, employee awareness and security technologies are certified and evaluated. An ISO27001 certificate is an invaluable asset that demonstrates to customers and others that your organization manages information security to the highest levels.

  • Information security starts with people. Educate and train employees in information security policy, awareness, processes, documentation and controls.

    Define, document and implement information security and technology processes that support an ISO27001-compliant information security management system (ISMS) and that meet the objectives of your business.

    Implement technologies to facilitate information security management, compliance and audit requirements. Enable efficient, measurable processes, reduce costs and increase information security.

    • Generate immediate customer confidence when asked about your information security practices and environment.
    • Streamline and optimize regulatory compliance initiatives.
    • Manage your information security and IT investments based on risk and metrics that matter to your business. Save time and money by streamlining and optimizing processes.
    • Provide measurable process and technology output so that you can make more informed management and security decisions.
  • EKKO consultants are experts in their field and will guide your organization and management team through the implementation process. We help you meet your goals and objectives on your path to obtaining ISO27001 Information Security Management System certification.

Compliance

Our compliance service offerings are tightly integrated with our risk management services. EKKO’s approach helps you develop a company-wide program to address your organization's compliance requirements, whether driven by regulatory, legal or privacy-related concerns.

Our consultants have extensive regulatory compliance knowledge and experience implementing, sustaining and fine-tuning compliance-related activities in small, medium and enterprise-sized companies. We have implemented compliance management solutions, compliance management dashboards and performed extensive compliance automation studies for our customers.

Introduction
Regulations
Benefits
Results
  • We are experienced in working with financial, high-tech, manufacturing, healthcare, bio-tech, pharmaceutical, government, educational and retail organizations.

    • Sarbanes-Oxley
    • PCI
    • HIPAA
    • FedRAMP
    • Privacy Shield
    • FDA
    • SB1386 / AB1298
    • GLBA
    • Basel II
    • 21CFR
    • And many others...
    • Streamline compliance processes and reduce your compliance costs.
    • Decrease the burden on your internal resources.
    • Streamline audit and compliance processes.
    • Increase controls visibility and accountability within your organization.
    • We assist by standardizing on common control frameworks
      • Reduce audit overhead
      • Reduce compliance costs
      • Standardize on common controls
    • Analyze and optimize controls within organizations charged with multiple regulations or standards.
    • Produce compliance reports and management dashboards.
    • Optimize and automate compliance processes and controls.
    • Reduce costs associated with audit and compliance
      • Implement common control frameworks (ISO)
      • Define and implement repeatable compliance processes

Risk Management

Risk management is the foundation for implementing a good information security management system. Designed and executed appropriately, a good risk management program can reduce costs, enhance security and provide a common framework from which appropriate decisions can be made. We have adopted our own tools and approach for evaluating and prioritizing.

Our process is easy to understand; this facilitates the risk assessment process and helps you gather the results you need to start managing risk at your organization. We work with your management personnel to help identify risks within your organization. Once complete, we strategize and help you plan for risk mitigation and remediation activities.

BCP/DR

Develop BCP and DR plans to reduce your risks to an acceptable level. EKKO’s experienced consultants lead you through the BCP/DR process and define a scope that is right for your business and budget. We perform a scope analysis, business impact assessment, identify risks and develop BCP/DR plans and test scripts.

SSAE 16

Service Organizations must work hard to compete in today’s global economy, particularly in sustaining controls that protect customer operations and data. EKKO provides a variety of services in preparing for or reporting on internal controls for Service Organizations.

Introduction
Results
  • Statements on Standards for Attestation Engagements No. 16 (SSAE 16) replaces Statements on Auditing Standards No. 70 (SAS 70) addressing Service Organization Control (SOC) reporting and offers many potential benefits in demonstrating a dedication to strong internal controls.

  • An SSAE 16 SOC report allows a company to provide customers with independent validation regarding their internal control design (Type 1) and operating (Type 2) effectiveness and can be tailored to address financial reporting (SOC 1), privacy (SOC 2) or online trust services seal program (SOC 3).

  • An SSAE 16 SOC report is often accepted by customers, customers’ external auditors and regulatory auditors in place of those parties conducting their own onsite independent audit.

    Undergoing an SSAE 16 SOC audit often distinguishes a company over its competitors, particularly when the company operates in a relatively new or overly competitive industry.

Cloud Security

Cloud migration introduces new opportunities to enable business within the cloud, yet also some new and challenging concepts for traditional security control frameworks.

We leverage the Cloud Security Alliance CCM and CSA STAR frameworks, in addition to ISO27002 to deliver our cloud security services.

Cloud Migration Security Readiness Assessment

An assessment of your control framework, roles and responsibilities, contractual, legal and regulatory requirements for migrating to the cloud. We focus on both national and international data privacy directives and issues related to audit, compliance and data protection within the cloud.

EKKO Services

EKKO's Compliance as a Service (CaaS)