As your risk advisory firm, Resiliam will provide your organization with the training and the tools you’ll need to achieve certification, and we’ll help you maintain that level of readiness on an ongoing basis to attain true organizational resilience.

Our services include:

• ISO 27001 Information Security Management System (ISMS) Consulting
• ISO 27701 Privacy Information Management System (PIMS) Consulting
• ISO 22301 Business Continuity Management System (BCMS) Consulting
• Information Technology Risk Management
• HIPAA Security & Privacy Rules
• NIST 800-53 & 800-171
• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• NYDFS 23 NYCRR 500

ISO 27001 Information Security Management System (ISMS) Consulting

The ISO 27001 standard for Information Security Management Systems (ISMS) is the most widely recognized security management standard in the world. It sets out detailed controls for establishing, implementing, maintaining and continually improving an ISMS within the context of an organization. Achieving ISO 27001 certification tells potential clients and customers that your firm is committed to internationally recognized best practices in Information Security, that security has been integrated into core business processes, and that your firm is ready to maintain that level of commitment moving forward as the risk-environment evolves.

The industry-leading Resiliam team has helped more than forty clients achieve ISO 27001 certification since its founding as Security GRC² in 2006. Key to our success is the proven, proprietary intellectual property we’ve developed over a decade in this industry. Working with an organization’s leadership, we customize these materials to fit each client’s unique processes and infrastructure, while building teams within the client organization that are responsible for data collection and the implementation of the ISMS. Each of our consultants works closely with the client to ensure that all systems, policies and data meet the standards set out in ISO 27001. We make sure clients are capable of maintaining their ISO 27001 processes and are ‘audit-ready’ for their annual surveillance audits needed to maintain its certification.”

As well as improving their ability to respond to information-security audits and comply with Outside Counsel guideline requirements, our clients tell us that achieving ISO 27001 certification has helped with:

• IT Governance – Alignment between policies, procedures, and processes.
• Improved RFP Responses – Marketing can cite ISO 27001 in RFP responses to win new client business.
• Standard of Care – Nearly half the AmLaw 100 is certified or working towards certification. ISO 27001 is now a standard of care across the legal sector.
• Decreased Cyber Insurance/Malpractice Premiums – Top insurance providers (ALAS, Aon, Marsh) offer reduced cyber-insurance premiums for ISO-certified firms.
• “Lawyer Security Awareness” – The prestige of ISO 27001 helps change lawyer attitudes, once they understand that certification can open up new business opportunities.

ISO 27701 Privacy Information Management System (PIMS) Consulting

In July 2019, ISO announced the release of ISO 27701 for Privacy Information Management Systems (PIMS), as an extension to ISO 27001, its first truly International Standard.

Key features include mapping to the General Data Protection Regulation (GDPR) and privacy best practices to demonstrate compliance and manage the requirements of multiple regulatory bodies, including California. Summative changes include:

• Eight additional requirements to ISO 27001 management clauses
• 79 modifications to ISO 27002 controls guidance corresponding to ISO 27001 Annex A Controls
• 31 new privacy controls for PII controllers
• 18 new controls for PII processors

These new international standards are literally based on the ISO 27001 and 27002 ISMS standards. That being said, ISO 27701 defines processes and provides guidance for protecting PII on an ongoing, ever evolving basis. By offering a management system with PIMS, it defines processes for continuous improvement of privacy and data protection. What’s more, for those who are certified with ISMS, it is now much easier to update their ISMS to PIMS. In summary, ISO 27701 facilitates ease of data mapping and guidance from a truly international privacy best practices and information security perspective.

ISO 22301 Business Continuity Management System (BCMS) Consulting

The ISO 22301 standard for Business Continuity Management Systems (BCMS) describes the systems and processes by which a firm can best prepare for and recover from unexpected events that may impact the firm’s ability to operate.

Resiliam clients seeking ISO 22301 certification will receive our proven, proprietary intellectual property, which more than satisfies the ISO requirements for audit. Our consultants will then work with the firm’s leadership to customize all relevant materials to fit each client’s unique processes and infrastructure, while building teams within the client organization that are responsible for data collection and the implementation of the BCMS. Each consultant works closely with the clients to manage the evidence-collection process, ensuring that all policies or data meet auditing expectations and the standards set out in ISO 22301.

Information Technology Risk Management

Resiliam will use the ISO 27001:2013 framework as an objective standard to measure a firm’s current security practices. By aligning security policies and practices with the recognized international standard, our clients will improve governance and control over their overall information security, risk and compliance activities. Please contact Resiliam to discuss your firm’s particular needs with one of our team.

HIPAA Security & Privacy Rules

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 contains a set of strict standards for the management of confidential healthcare information for firms operating within the U.S. Resiliam’s expert compliance consultants will help your firm meet those requirements, ensuring the security of all patient and organizational information. Please contact Resiliam to discuss your firm’s particular needs with one of our team members.

Program Development

Resiliam is pleased to work with clients on the design and implementation of new information security and data privacy programs within their organization. Whether your needs pertain to NIST 800-53 & 800-171, the General Data Protection Act (GDPR), California Consumer Privacy Act (CCPA), or New York’s NYDFS 23 NYCRR 500 privacy regulation, our expert team is here to support your infosec, privacy, legal, audit and compliance personnel. Our expert consultants partner with our clients both to develop new programs and to produce any necessary materials and documentation associated with the program’s initiation and use. Please contact Resiliam to discuss your firm’s particular needs with one of our team.