Partners are a key part of the vision for SPIO. We are a team of software and security experts but we aren't necessarily planning to build a large team of program implementors and we don't do audits, so we have been developing a list of partners to help with SPIO program implementations. Contact us at firstname.lastname@example.org to collect the details and terms.
If you are a security expert delivering Virtual CISO projects for clients, we would love to talk about how you can do that on top of securityprogram.io in a way that is branded for your company. Not only that, we may have ways that we can help you identify projects!
If you are a security firm that performs audits, such as SOC 2 or ISO 27001, we believe our tool can help your early and less mature customers make substantial headway and normalize reporting. We would love to talk more about how we can collaborate to make your job easier while making your customers successful with their security goals.
Although we provide Virtual CISO programs through SPIO ourselves, part of the vision of the platform is to be able to enable other V-CISO's to offer their programs - but with the benefits of built in reporting and structured output.
Since the platform takes care of the mechanics, you can focus on the strategic advisory work - and potentially take on more clients, while providing an effective, measurable program. Not only that, if you bring on people to help with say Vendor Management as part of your program, you will have a structured way for delivering that service that is consistent across your projects.
In addition to enabling customers directly with SPIO, we envision it as being a platform for broadly amplifying the impact security leaders can have by providing the core building blocks for a successful program.
Often the auditing firms we work with have established processes for collecting the information they need to conduct an audit. This might be in a spreadsheet, drive, JIRA, etc. We want to integrate SPIO information into that seamlessly so that the audit can be as easy as possible for all involved.
We also see companies with almost no security program contacting auditors about doing a SOC 2 or ISO 27001 audit. Often these companies are not well served by immediately doing the audit, but need to build a program first. We think SPIO is a great approach for doing that which can allow the auditing firm to capture the long term work, assist in minor ways with program development but provide the customer with an appropriate solution.