2. Sunera Snapshot
– Professional consultancy focused on regulatory compliance, information security, internal audit, and information technology advisory services
– Founded by former Big-4 risk partners and professionals
– Delivered more than 1500 projects for over 350 clients across a broad spectrum of industries
– Employ over 100 full-time professionals in twelve offices across the United States and Canada
– PCI Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV)
– Registered with NASBA to offer CPEs for our Internal Audit training courses
– Certified integration partner for leading continuous controls monitoring solutions, including ACL, ERP GRC
3. Internal Audit Services
Business Audit
– Outsourcing & Co-sourcing
– Enterprise Risk Assessment
– Audit Planning
– Operational & Business Process Audit
– Store, Branch & Franchise Audit
– Contract Compliance Audit
– Quality/Peer Review
– ACL Training
– Internal Auditing Training (CPE)
– Data Integrity Analysis
IT Audit
– IT Risk & Governance (CobiT) Review
– ERP Configurable Controls Optimization, Design & Testing
– ERP Security & Segregation of Duties Assessment
– ERP Pre & Post Integration Review
– SOX ITGCs & Application Controls Testing
– Information Security and Data Privacy Assessment
Continuous Monitoring
– ACL, SAP GRC, Approva BizRights, & Lumigent Integration
– Project Management
– Process Controls & SoD Rule Configuration
– Quality Assurance, Improvement & Training
Benefits
– Enhance Internal Audit’s profile and impact on the organization
– Increase audit efficiencies and risk coverage
– Overcome resource capacity and skills constraints
4. Compliance Services
Regulatory Compliance
– Financial Reporting Regulations (Sarbanes-Oxley § 404, C-SOX, & J-SOX)
– Financial Services Regulations (GLBA, FDICIA, Basel II, Patriot Act, & Anti Money Laundering)
– IT Standards (PCI, CobiT, ISO 17799, & SAS 70)
– Data Privacy (HIPAA, US Safe Harbor, EU Directive 95/46/EC, PIPEDA)
Sarbanes-Oxley
– Outsourcing & Co-sourcing
– Risk Assessment, Scoping & Materiality Assistance
– Entity & Activity-Level Controls Documentation & Testing Assistance
– IT Controls Documentation & Testing
– Controls Remediation Assistance
– Self-Assessment Program Assistance
– Project Management & Quality Assurance
– ICFR Sustainment & Rationalization
Anti Money Laundering
– AML Compliance Gap-Analysis
– AML Compliance Examination
– Transaction Monitoring System Enhancement
– AML Compliance Training
– Corporate Internal Investigation
– Customer Identification Program
Benefits
– Free up management to focus on strategic objectives
– Avoid scrutiny from the Board and regulators
– Minimize compliance costs and project delays
5. Information Security & Data Privacy Services
Information Security
– Risk Assessment
– Vulnerability Assessment
– Physical Security Assessment
– Penetration Testing
– Wireless Security Assessment
– Social Engineering
– Secure Source Code Analysis (SCA)
– Web Application Security Assessment
– Security & Privacy Awareness Training
Data Privacy
– Privacy Risk Assessment
– Policy & Procedure Development
– Regulatory Compliance Assistance (GLBA, Breach Notification, US Safe Harbor, EU Directive 95/46/EC, PIPEDA, HIPAA)
– Personally Identifiable Information (PII) Discovery
PCI
– On-site PCI Data Security Audit
– Remediation Assistance
– Security Scan & Secure Code Audit
Infrastructure Deployment
– Secure Architecture Design
– Firewall & Intrusion Detection / Prevention System Design & Deployment
– High Availability Web Application Infrastructure Design & Deployment
– Systems Hardening
– Identity Management
– Logging Solutions
Benefits
– Prevent business disruptions, loss of data, and disclosure of sensitive information resulting from a security breach
– Avoid scrutiny from customers, business partners, the Board, and regulators
6. Information Technology Services
IT Consulting
– IT Organization Performance Assessment
– IT Strategy and Planning
– Technology and IT Process Assessments
– Data Center Evaluation
– ROI/Cost Analysis
– User Surveys
– Software License Compliance
– Network Deployment
– Project Management
– System Selection
Business Continuity
– Disaster Recovery Planning
– Business Impact Assessment
– Business Continuity Plan Development
– Business Continuity Plan Implementation & Testing
– Hurricane Preparedness Planning
– Data Storage Management
– Outsourcer SLA Development
Project Risk Management
– Project Risk Assessment
– Root Cause Analysis
– Project Oversight & Quality Assurance
– Contract Advisory
– Scope and Change Management Assessment
– ERP Controls Optimization Services
Benefits
– Improve performance of the IT organization, reduce costs, and achieve returns from IT investments
– Prevent business disruptions from IT failures
– Deliver IT projects on-time, within budget and achieve anticipated benefits
7. PCI Compliance Assistance Services
Sunera provides a full array of Payment Card Industry (PCI) consulting services designed to help
both merchants and service providers achieve a cost-effective solution to meet their specific
payment card brand and level compliance requirements. Sunera is a PCI Qualified Security
Assessor (QSA) and Approved Scanning Vendor (ASV). Our professionals have served all levels
of merchants and service providers across a broad spectrum of sectors.
– Annual Onsite Audit
– Gap Analysis
– Penetration Testing
– Quarterly External Scanning
– Remediation Assistance
– Roadmap to Compliance
– Self Assessment Questionnaire Completion
– Web and Application Code Reviews
– Franchise Compliance Programs
– PCI Awareness and Training Programs
8. Data Privacy and Forensic Assistance
Privacy continues to be a significant business issue. It challenges organizations from a number of
perspectives, including business risk, compliance, brand and reputation. Sunera has performed
data privacy projects for large, international organizations impacted by almost every major privacy
law in the United States, Canada and the European Union. We can help organizations effectively
manage business risks and compliance issues relating to data privacy.
– Corporate Privacy Framework
– Principle-based Privacy Policy and Privacy Charter
– Data Classification Model
– Privacy Gap Analysis Validating Compliance with Applicable Regulations
– Safe Harbor and EU DPA Registrations
– Breach Notification Procedures
– Web-based and Classroom Privacy Awareness Training
Sunera is extensively familiar with, and maintains a library of, privacy legislation requirements for
the United States, Canada, Asia, and Europe. This library includes, but is not limited to: HIPAA,
Gramm-Leach-Bliley Act (GLBA), Children’s Online Privacy Protection Act (COPPA), Personal
Information Protection and Electronic Documents Act (PIPEDA), Freedom of Information and
Protection of Privacy Act (FOIP Act), UK Data Protection Act, EU Directive 95/46/EC, and US Safe
Harbor.
9. Our Values
Thought Leaders
We deliver proactive, unbiased, tried and true guidance.
Quality
We deploy full-time, trained and certified professionals with appropriate oversight, utilizing proven, pragmatic methodologies to ensure our teams deliver consistent results. Our professionals are accustomed to working together using standardized approaches and delivery methods, resulting in a unified engagement team.
Collaborative
We tailor each project to your specific needs. Our flexible, client-centric approach enables us to deploy teams which complement our clients’ internal capabilities, address resource constraints and facilitate knowledge transfer.
Responsive
We readily adhere to your timetable, unlike “Big-4” firms which are burdened by onerous internal risk management practices.
Solution Focused
We are solution oriented. We are known for completing projects that achieve anticipated benefits, on-time and within budget. Our rigorous project management discipline combined with our finance and IT capabilities enables us to successfully deliver a wide range of services.
Balanced Perspective
We recognize that “best practices” are not always appropriate and provide cost-effective solutions that find the right balance between risk and control.
10. Learn more about Sunera
Offices: Vancouver, Calgary, Toronto, Atlanta, Boston, Phoenix, Dallas, New York, Charlotte, Tampa, Miami
Silvana Capaldi
Account Executive, Client Services
scapaldi@sunera.com
www.sunera.com