Sunera Business & Technology Risk Consulting


Published in: Technology

  1. Henrietta.Boulton@Tuimarine.com Business and Technology Risk Consulting Services
  2. Sunera Snapshot
     • Professional consultancy focused on regulatory compliance, information security, internal audit, and information technology advisory services
     • Founded by former Big-4 risk partners and professionals
     • Delivered more than 1500 projects for over 350 clients across a broad spectrum of industries
     • Employ over 100 full-time professionals in twelve offices across the United States and Canada
     • PCI Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV)
     • Registered with NASBA to offer CPE’s for our Internal Audit training courses
     • Certified integration partner for leading continuous controls monitoring solutions, including ACL, ERP GRC
  3. Internal Audit Services
     Business Audit
     • Outsourcing & Co-sourcing
     • Enterprise Risk Assessment
     • Audit Planning
     • Operational & Business Process Audit
     • Store, Branch & Franchise Audit
     • Contract Compliance Audit
     • Quality/Peer Review
     • ACL Training
     • Internal Auditing Training (CPE)
     IT Audit
     • IT Risk & Governance (CobiT) Review
     • ERP Configurable Controls Optimization, Design & Testing
     • ERP Security & Segregation of Duties Assessment
     • ERP Pre & Post Integration Review
     • SOX ITGCs & Application Controls Testing
     • Information Security and Data Privacy Assessment
     • Data Integrity Analysis
     Continuous Monitoring
     • ACL, SAP GRC, Approva BizRights, & Lumigent Integration
     • Project Management
     • Process Controls & SoD Rule Configuration
     • Quality Assurance, Improvement & Training
     Benefits
     • Enhance Internal Audit’s profile and impact on the organization
     • Increase audit efficiencies and risk coverage
     • Overcome resource capacity and skills constraints
  4. Compliance Services
     Regulatory Compliance
     • Financial Reporting Regulations (Sarbanes-Oxley § 404, C-SOX, & J-SOX)
     • Financial Services Regulations (GLBA, FDICIA, Basel II, Patriot Act, & Anti Money Laundering)
     • IT Standards (PCI, CobiT, ISO 17799, & SAS 70)
     • Data Privacy (HIPAA, US Safe Harbor, EU Directive 95/46/EC, PIPEDA)
     Sarbanes-Oxley
     • Outsourcing & Co-sourcing
     • Risk Assessment, Scoping & Materiality Assistance
     • Entity & Activity-Level Controls Documentation & Testing Assistance
     • IT Controls Documentation & Testing
     • Controls Remediation Assistance
     • Self-Assessment Program Assistance
     • Project Management & Quality Assurance
     • ICFR Sustainment & Rationalization
     Anti Money Laundering
     • AML Compliance Gap-Analysis
     • AML Compliance Examination
     • Transaction Monitoring System Enhancement
     • AML Compliance Training
     • Corporate Internal Investigation
     • Customer Identification Program
     Benefits
     • Free-up management to focus on strategic objectives
     • Avoid scrutiny from the Board and regulators
     • Minimize compliance costs and project delays
  5. Information Security & Data Privacy Services
     Information Security
     • Risk Assessment
     • Vulnerability Assessment
     • Physical Security Assessment
     • Penetration Testing
     • Wireless Security Assessment
     • Social Engineering
     • Secure Source Code Analysis (SCA)
     • Web Application Security Assessment
     • Security & Privacy Awareness Training
     Data Privacy
     • Privacy Risk Assessment
     • Policy & Procedure Development
     • Regulatory Compliance Assistance (GLBA, Breach Notification, US Safe Harbor, EU Directive 95/46/EC, PIPEDA, HIPAA)
     • Personally Identifiable Information (PII) Discovery
     PCI
     • On-site PCI Data Security Audit
     • Remediation Assistance
     • Security Scan & Secure Code Audit
     Infrastructure Deployment
     • Secure Architecture Design
     • Firewall & Intrusion Detection / Prevention System Design & Deployment
     • High Availability Web Application Infrastructure Design & Deployment
     • Systems Hardening
     • Identity Management
     • Logging Solutions
     Benefits
     • Prevent business disruptions, loss of data, and disclosure of sensitive information resulting from a security breach
     • Avoid scrutiny from customers, business partners, the Board, and regulators
  6. Information Technology Services
     IT Consulting
     • IT Organization Performance Assessment
     • IT Strategy and Planning
     • Technology and IT Process Assessments
     • Data Center Evaluation
     • ROI/Cost Analysis
     • User Surveys
     • Software License Compliance
     • Network Deployment
     • Project Management
     • System Selection
     Business Continuity
     • Disaster Recovery Planning
     • Business Impact Assessment
     • Business Continuity Plan Development
     • Business Continuity Plan Implementation & Testing
     • Hurricane Preparedness Planning
     • Data Storage Management
     • Outsourcer SLA Development
     Project Risk Management
     • Project Risk Assessment
     • Root Cause Analysis
     • Project Oversight & Quality Assurance
     • Contract Advisory
     • Scope and Change Management Assessment
     • ERP Controls Optimization Services
     Benefits
     • Improve performance of the IT organization, reduce costs, and achieve returns from IT investments
     • Prevent business disruptions from IT failures
     • Deliver IT projects on-time, within budget and achieve anticipated benefits
  7. PCI Compliance Assistance Services
     Sunera provides a full-array of Payment Card Industry (PCI) consulting services designed to help both merchants and service providers achieve a cost effective solution to meet their specific payment card brand and level compliance requirements. Sunera is a PCI Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV). Our professionals have served all levels of merchants and service providers across a broad spectrum of sectors.
     – Annual Onsite Audit
     – Gap Analysis
     – Penetration Testing
     – Quarterly External Scanning
     – Remediation Assistance
     – Roadmap to Compliance
     – Self Assessment Questionnaire Completion
     – Web and Application Code Reviews
     – Franchise Compliance Programs
     – PCI Awareness and Training Programs
  8. Data Privacy and Forensic Assistance
     Privacy continues to be a significant business issue. It challenges organizations from a number of perspectives, including business risk, compliance, brand and reputation. Sunera has performed data privacy projects for large, international organizations impacted by almost every major privacy law in the United States, Canada and the European Union. We can help organizations effectively manage business risks and compliance issues relating to data privacy.
     – Corporate Privacy Framework
     – Principle-based Privacy Policy and Privacy Charter
     – Data Classification Model
     – Privacy Gap Analysis Validating Compliance with Applicable Regulations
     – Safe Harbor and EU DPA Registrations
     – Breach Notification Procedures
     – Web-based and Classroom Privacy Awareness Training
     Sunera is extensively familiar with, and maintains a library of, privacy legislation requirements for the United States, Canada, Asia, and Europe. This library includes, but is not limited to: HIPAA, Gramm-Leach-Bliley Act (GLBA), Children’s Online Privacy Protection Act (COPPA), Personal Information Protection and Electronic Documents Act (PIPEDA), Freedom of Information and Protection of Privacy Act (FOIP Act), UK Data Protection Act, EU Directive 95/46/EC, and US Safe Harbor.
  9. Our Values
     • Thought Leaders: We deliver proactive, unbiased, tried and true guidance.
     • Quality: We deploy fulltime, trained and certified professionals with appropriate oversight utilizing proven, pragmatic methodologies to ensure our teams deliver consistent results. Our professionals are accustomed to working together using standardized approaches and delivery methods resulting in a unified engagement team.
     • Collaborative: We tailor each project to your specific needs. Our flexible, client-centric approach enables us to deploy teams which complement our clients’ internal capabilities, address resource constraints and facilitate knowledge transfer.
     • Responsive: We readily adhere to your timetable, unlike “Big-4” firms which are burdened by onerous internal risk management practices.
     • Solution Focused: We are solution orientated. We are known for completing projects that achieve anticipated benefits, on-time and within budget. Our rigorous project management discipline combined with our finance and IT capabilities enables us to successfully deliver a wide-range of services.
     • Balanced Perspective: We recognize that “best practices” are not always appropriate and provide cost-effective solutions that find the right balance between risk and control.
  10. Learn more about Sunera
     Vancouver, Calgary, Toronto, Atlanta, Boston, Phoenix, Dallas, New York, Charlotte, Tampa, Miami
     Silvana Capaldi, Account Executive, Client Services