You’ll begin by adopting some relatively simple security policies. As you progress you’ll adopt increasingly mature policies, guided at every step by securityprogram.io. And your policies will be mapped to NIST 800-53 and ISO 27001, so you can be confident going into any security discussion with your partners or customers.
A robust security program includes security training as a requirement. With securityprogram.io you'll have access to general security awareness training for your entire team. And you'll receive policy specific training to help you implement each of your new security policies.
securityprogram.io includes support for Application Inventories, Risk Registers, Asset Trackers, and a host of other risk management tools. But you won't be overwhelmed trying to fill everything out at once. Over the course of the program you'll be guided in filling out each of the templates one by one, in an order that makes sense, in lock-step with each new security policy you adopt.
Scanning is crucial to ensure the security of your environment. Your security program will include regular scans, with results reported directly to securityprogram.io. Or if you prefer, findings can be sent directly to your own issue tracking software.
Eventually your partners will ask for a letter of attestation regarding your company's security posture, and with securityprogram.io you'll be able to generate this letter on demand.
At the upper tier, we offer auditing: we'll review your policies and supporting evidence, and provide you with a stronger assessment to share with 3rd parties. You'll have direct access to the Jemurai team, a more robust scanning process, and deeper discounts for our On Demand services (Pen Testing, Code Review, Threat Modelling, etc.).
