Policy and Procedure Writing & Compliance Services for Information Security | ISO 27001 | 27002, FISMA, NIST, HIPAA, HITECH, FFIEC, GLBA, Business Continuity, PCI DSS, and more.

Flat Iron Technologies, LLC is a nationally recognized boutique firm specializing in consulting services for ISO 27001, 27002, FISMA, FERC, NERC, NIST, HIPAA, HITECH, FFIEC, GLBA, Business Continuity, PCI DSS, cyber security, cloud security, virtualization, and more. We offer general consulting services for many industries and business sectors, such as policy and procedure writing, gap analysis engagements and readiness assessments, along with other specialized consulting and advisory services.

Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet containing over 2,850 + pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more. 

Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more, along with our professional compliance services we offer.

Below is just a small sample of the following laws, legislation, directives, regulatory compliance frameworks, along with various other supporting business initiatives that we work with:

  • The Federal Information Security Management Act of 2002, (FISMA).
  • The Health Insurance Portability and Accountability Act (HIPAA).
  • The Health Information Technology for Economic and Clinical Health ACT of 2009 (HITECH).
  • The Federal Financial Institutions Examination Council (FFIEC).
  • The Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999.
  • Business Continuity and Disaster Recovery Planning (BCDRP).
  • Payment Card Industry Data Security Standards (PCI DSS).
  • US - EU Safe Harbor 
  • many others.

Benchmarks, Standards, and Frameworks Included within our Documentation
Additionally, our industry-leading information security policy and procedure documents (GISCP) incorporate various provisions from some of the most well-known benchmarks, standards, frameworks, industry associations, vendor security guides – and best practices – such as the following:

  • ISO 27001 | 27002 framework
  • Information Technology Infrastructure Library (ITIL)
  • COBIT | Control Objectives for Information and Related Technologies
  • COSO | Committee of Sponsoring Organizations of the Treadway Commission
  • NIST SP 800 Publications (Approximately 100 + publications)
  • Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) | Unclassified Documents
  • United States Computer Emergency Readiness Team (US CERT)
  • CIS Security Benchmarks Division
  • NIST National Vulnerability Database
  • Open Source Vulnerability Database
  • Common Configuration Enumeration (CCG)
  • Common Vulnerabilities and Exposures CVE
  • Cloud Security Alliance (CSA)
  • SANS Institute
  • Open Web Application Security Project (OWASP)
  • MITRE
  • Vendor specific setup, configuration and hardening guides for all major network devices, operating system, databases, web servers, and more.

How We Can Help
Businesses today are faced with growing regulatory compliance mandates, many which require considerable amounts of work to be done prior to the actual engagement for effectively preparing an organization. Most organizations struggle with a host of internal operational issues relating to compliance, such as the following:

Ineffective System of Internal Controls: Provisions within ISO 27001 | 27002, FISMA, NIST, HIPAA, HITECH, FFIEC, GLBA, Business Continuity, PCI DSS, and many other regulatory compliance initiatives require organizations to implement a whole host of processes, procedures, and related activities for compliance. Organizations struggle immensely with these issues as they don't know where to begin, how to implement the required controls, how to test for effectiveness, along with implementing practices for ongoing compliance.

Outdated Policies and Procedures: Along with building a strong system of internal controls, policies and procedures are also needed for ensuring employees adhere to the requirements within these documents, along with validating to various third party entities (i.e., clients, prospects, regulatory bodies) that your organization has in place documentation that’s current, relevant, and includes provisions for the confidentiality, integrity, and availability (CIA) of all company-wide system resources.

Policy and Procedure Writing for Information Security | Trust the Experts
As such, Flat Iron Technologies, LLC provides highly specialized consulting services dedicated to ISO 27001, 27002, FISMA, FERC, NERC, NIST, HIPAA, HITECH, FFIEC, GLBA, Business Continuity, PCI DSS, cyber security, cloud security, virtualization, US - EU Safe Harbor, and many other initiatives. Not only can we help implement the necessary and required practices needed for compliance with the aforementioned laws and standards, we can also develop customized policy and procedure documentation specific to each of these initiatives.  Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), by viewing the product data sheet, along with sample documentation.

View Sample Information Security Documents Today from the Industry Leaders
Purchase the GISCP set of policies, procedures, forms, checklists, templates, and provisioning and hardening documents today. Additionally, you can view sample documents, along with viewing the product data sheet, which lists all the documents you'll receive from Flat Iron Technologies, LLC.  Furthermore, give us a call today to discuss your need related to ISO 27001, 27002, FISMA, FERC, NERC, NIST, HIPAA, HITECH, FFIEC, GLBA, Business Continuity, PCI DSS, cyber security, cloud security, virtualization, US - EU Safe Harbor, and other regulatory compliance issues.

GISCP - PREMIER Edition ($1,479.00)

Click below to view table of contents

GISCP cover