Business and Technology Risk Consulting Services [email protected]

Sunera business & technology risk consulting services -slide share

Sunera Snapshot

Professional consultancy focused on regulatory compliance, information security, internal audit, and information technology advisory services

Founded by former Big-4 risk partners and professionals

Delivered more than 1500 projects for over 350 clients across a broad spectrum of industries

Employ over 100 full-time professionals in twelve offices across the United States and Canada.

PCI Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV)

Registered with NASBA to offer CPEs for our Internal Audit training courses

Certified integration partner for leading continuous controls monitoring solutions, including ACL, ERP GRC

Internal Audit Services

Business Audit

Outsourcing & Co-sourcing

Enterprise Risk Assessment

Audit Planning

Operational & Business Process Audit

Store, Branch & Franchise Audit

Contract Compliance Audit

Quality/Peer Review

ACL Training

Internal Auditing Training (CPE)

IT Audit

IT Risk & Governance (CobiT) Review

ERP Configurable Controls Optimization, Design & Testing

ERP Security & Segregation of Duties Assessment

ERP Pre & Post Integration Review

SOX ITGCs & Application Controls Testing

Information Security and Data Privacy Assessment

Data Integrity Analysis

Continuous Monitoring

ACL, SAP GRC, Approva BizRights, & Lumigent Integration

Project Management

Process Controls & SoD Rule Configuration

Quality Assurance, Improvement & Training

Benefits

Enhance Internal Audit’s profile and impact on the organization

Increase audit efficiencies and risk coverage

Overcome resource capacity and skills constraints

Compliance Services

Regulatory Compliance

Financial Reporting Regulations (Sarbanes-Oxley § 404, C-SOX, & J-SOX)

Financial Services Regulations (GLBA, FDICIA, Basel II, Patriot Act, & Anti Money Laundering)

IT Standards (PCI, CobiT, ISO 17799, & SAS 70)

Data Privacy (HIPAA, US Safe Harbor, EU Directive 95/46/EC, PIPEDA)

Sarbanes-Oxley

Outsourcing & Co-sourcing

Risk Assessment, Scoping & Materiality Assistance

Entity & Activity-Level Controls Documentation & Testing Assistance

IT Controls Documentation & Testing

Controls Remediation Assistance

Self-Assessment Program Assistance

Project Management & Quality Assurance

ICFR Sustainment & Rationalization

Anti Money Laundering

AML Compliance Gap-Analysis

AML Compliance Examination

Transaction Monitoring System Enhancement

AML Compliance Training

Corporate Internal Investigation

Customer Identification Program

Benefits

Free up management to focus on strategic objectives

Avoid scrutiny from the Board and regulators

Minimize compliance costs and project delays

Information Security & Data Privacy Services

Information Security

Risk Assessment

Vulnerability Assessment

Physical Security Assessment

Penetration Testing

Wireless Security Assessment

Social Engineering

Secure Source Code Analysis (SCA)

Web Application Security Assessment

Security & Privacy Awareness Training

Data Privacy

Privacy Risk Assessment

Policy & Procedure Development

Regulatory Compliance Assistance (GLBA, Breach Notification, US Safe Harbor, EU Directive 95/46/EC, PIPEDA, HIPAA)

Personally Identifiable Information (PII) Discovery

PCI

On-site PCI Data Security Audit

Remediation Assistance

Security Scan & Secure Code Audit

Benefits

Prevent business disruptions, loss of data, and disclosure of sensitive information resulting from a security breach

Avoid scrutiny from customers, business partners, the Board, and regulators

Infrastructure Deployment

Secure Architecture Design

Firewall & Intrusion Detection / Prevention System Design & Deployment

High Availability Web Application Infrastructure Design & Deployment

Systems Hardening

Identity Management

Logging Solutions

Information Technology Services

IT Consulting

IT Organization Performance Assessment

IT Strategy and Planning

Technology and IT Process Assessments

Data Center Evaluation

ROI/Cost Analysis

User Surveys

Software License Compliance

Network Deployment

Project Management

System Selection

Business Continuity

Disaster Recovery Planning

Business Impact Assessment

Business Continuity Plan Development

Business Continuity Plan Implementation & Testing

Hurricane Preparedness Planning

Data Storage Management

Outsourcer SLA Development

Project Risk Management

Project Risk Assessment

Root Cause Analysis

Project Oversight & Quality Assurance

Contract Advisory

Scope and Change Management Assessment

ERP Controls Optimization Services

Benefits

Improve performance of the IT organization, reduce costs, and achieve returns from IT investments

Prevent business disruptions from IT failures

Deliver IT projects on time, within budget and achieve anticipated benefits

PCI Compliance Assistance Services

Sunera provides a full array of Payment Card Industry (PCI) consulting services designed to help both merchants and service providers achieve a cost-effective solution to meet their specific payment card brand and level compliance requirements. Sunera is a PCI Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV). Our professionals have served all levels of merchants and service providers across a broad spectrum of sectors.

– Annual Onsite Audit

– Gap Analysis

– Penetration Testing

– Quarterly External Scanning

– Remediation Assistance

– Roadmap to Compliance

– Self Assessment Questionnaire Completion

– Web and Application Code Reviews

– Franchise Compliance Programs

– PCI Awareness and Training Programs

Data Privacy and Forensic Assistance

Privacy continues to be a significant business issue. It challenges organizations from a number of perspectives, including business risk, compliance, brand and reputation. Sunera has performed data privacy projects for large, international organizations impacted by almost every major privacy law in the United States, Canada and the European Union. We can help organizations effectively manage business risks and compliance issues relating to data privacy.

– Corporate Privacy Framework

– Principle-based Privacy Policy and Privacy Charter

– Data Classification Model

– Privacy Gap Analysis Validating Compliance with Applicable Regulations

– Safe Harbor and EU DPA Registrations

– Breach Notification Procedures

– Web-based and Classroom Privacy Awareness Training

Sunera is extensively familiar with, and maintains a library of, privacy legislation requirements for the United States, Canada, Asia, and Europe. This library includes, but is not limited to: HIPAA, Gramm-Leach-Bliley Act (GLBA), Children’s Online Privacy Protection Act (COPPA), Personal Information Protection and Electronic Documents Act (PIPEDA), Freedom of Information and Protection of Privacy Act (FOIP Act), UK Data Protection Act, EU Directive 95/46/EC, and US Safe Harbor.

Our Values

Thought Leaders

We deliver proactive, unbiased, tried and true guidance.

Quality

We deploy full-time, trained and certified professionals with appropriate oversight utilizing proven, pragmatic methodologies to ensure our teams deliver consistent results. Our professionals are accustomed to working together using standardized approaches and delivery methods resulting in a unified engagement team.

Collaborative

We tailor each project to your specific needs. Our flexible, client-centric approach enables us to deploy teams which complement our clients’ internal capabilities, address resource constraints and facilitate knowledge transfer.

Responsive

We readily adhere to your timetable, unlike “Big-4” firms which are burdened by onerous internal risk management practices.

Solution Focused

We are solution orientated. We are known for completing projects that achieve anticipated benefits, on time and within budget. Our rigorous project management discipline combined with our finance and IT capabilities enables us to successfully deliver a wide range of services.

Balanced Perspective

We recognize that “best practices” are not always appropriate and provide cost-effective solutions that find the right balance between risk and control.

Learn more about Sunera

Miami

Tampa

Atlanta

Dallas

Toronto

Vancouver

Calgary

Boston

New York

Phoenix

Charlotte

Silvana Capaldi

Account Executive, Client Services

[email protected]

www.sunera.com