The Virtual Security Officer Platform
Takes the misery and mystery out of passing security audits like SOC 2, GDPR, and ISO 27001
so you can slay more deals and stay secure.
FixNix++
FreshGRC & vCISO Alliance
Who is FixNix++?
• vCISO Alliance, a FixNix alliance of world-class
security thought leaders to transform your
immediate infosec & compliance problems
• We are on a mission to help all enterprises
get a wide variety of cyber security issues
resolved
• 300+ years of collective Information Security,
Cyber Security, Cloud Security & Data Protection
experience
• NIST, GDPR, COSO, COBIT, PCI DSS, SOX, HIPAA,
HITRUST, IAPP, DSCI, AICPA
• CISSP, CISA, CISM, CRISC, CGEIT, CCSK, ISO
27001, ISO 27701, ISO 22301, ITSM, ITIL &
industry specific Security Professionals
World-class FreshGRC platform
empowering 230 customers & 10,000
users across the globe to stay peaceful on
CyberSecurity
• Compliance | Audit | Risk
• Asset | Incident | Policy
• Business Resiliency
• Disaster Recovery
• Privacy | Board
DeepTech capabilities like Predictive
Analytics, Regulatory Risk Data Lake &
Blockchain Whistleblower
Why FixNix++
• Keeping your company secure, responding to due
diligence questionnaires, and completing audits is
pushing your security team to their limits. With finding
security talent becoming more challenging, the time
has come for a technology solution to help you scale,
so you can sell more.
• Get a world-class, Gartner-rated GRC platform in a very
methodical fashion
• All of the above under the wise eyes of a top Cyber
Security thought leader
3 Steps to stay happy security
• Define Your Plan: Helps you define an InfoSec plan based on
prebuilt policies and controls mapped to industry best practices.
• Implement Security: Provides an automated workflow to assign and
track implementation of security controls.
• Prove Compliance: Helps you prove you are secure to customers and
auditors with automated questionnaire response, audit project
management, and more.
What We Do?
• Advisory, Strategy, & Consulting
• Governance, Risk & Compliance Management
• Data Security / Privacy Standards Implementation & Certification
• Emerging Technologies & Market Trends
• Security Architecture & Solutions
• Threat, Intelligence & Vulnerability Management
• Incident Response & Crisis Management
• Identity & Access Management
• Awareness & Training
Our FixNix++ Virtual Security Officer Platform automates and demystifies InfoSec policy creation,
audit readiness, and security questionnaire response, so enterprises can gain trust with customers and
sell more.
The Virtual Security Officer Platform
Common security activities we automate & demystify
• Define Your InfoSec Plan: Get set up quickly, without the
guesswork, using our pre-built policies.
• Audit Readiness: Prepare for and maintain SOC 2, ISO 27001 and
other certifications.
• Questionnaire Response: Answer security questionnaires in minutes
using machine learning.
• Vendor Risk Assessment: Assess and audit the security posture of
your vendors.
FixNix++ = Process + Product + Leadership
Board
ISO 27001 - Our Point of View
ISO/IEC 27001 requires that management:
• Systematically examine the organization's information
security risks, taking account of the threats, vulnerabilities,
and impacts;
• Design and implement a coherent and comprehensive suite of
information security controls and/or other forms of risk
treatment (such as risk avoidance or risk transfer) to address
those risks that are deemed unacceptable; and
• Adopt an overarching management process to ensure that the
information security controls continue to meet the
organization's information security needs on an ongoing basis.
ISO 27001 Standard
SOC 2 – Our Point of View
5 Trust Principles
SOC 2 defines criteria for managing customer data based on
five “trust service principles”: security, availability,
processing integrity, confidentiality and privacy.
Most organizations today are familiar with both SOC 1 and SOC 2
reports. While SOC 1 reports cover internal controls over financial
reporting (ICFR) and support a customer’s financial audit, SOC 2
reports focus on the controls that are relevant to the following
Trust Services Criteria (TSC) as established by the American
Institute of Certified Public Accountants (AICPA).
As organizations outsource more of their core operational
functions, they’re beginning to build requirements for SOC 2
reporting directly into their OSP contracts. As a result, we’ve
seen a large increase in demand for SOC 2 reports. In our
experience, they now comprise approximately one-half of all
third-party assurance reports requested by OSPs.
GDPR – Our Point of View
5 Trust Principles
The General Data Protection Regulation (EU) 2016/679 is a
regulation in EU law on data protection and privacy in the
European Union (EU) and the European Economic Area (EEA). It
also addresses the transfer of personal data outside the EU and EEA
areas. The GDPR's primary aim is to give control to individuals over
their personal data and to simplify the regulatory environment for
international business by unifying the regulation within the EU.
The regulation applies if the data controller (an organisation that
collects data from EU residents), or processor (an organisation
that processes data on behalf of a data controller like cloud
service providers), or the data subject (person) is based in the
EU. Under certain circumstances, the regulation also applies to
organisations based outside the EU if they collect or process
personal data of individuals located inside the EU.
The regulation does not apply to the processing of data by a
person for a "purely personal or household activity and thus with
no connection to a professional or commercial activity."
Our Approach
Discover | Define | Assess | Recommend | Develop | Implement | Demonstrate
• Document Current State Assessment
• Recommendation & Validation
• Deliver Digital Privacy Management Strategy and Frameworks
• Discover, Understand Current Data Security and Privacy Approach
What it costs
Questionnaire Management (+ $499/mon)
Automate security questionnaire responses.
• Automated RFP Import
• AI-Based RFP Response
• Centralized Repository
• Centralized Repository for RFPs & Contracts
FixNix++ Essentials ($499/mon)
The basics for starting a security program.
• Auto Policy Generator
• Task Management
• Shareable Reports
• Control Assignment & Tracking
Audit Readiness (+ $999/mon)
Prepare for audits (SOC 2, ISO 27001, GDPR & more)
• Risk Assessment
• Audit Project Management
• Automated Evidence Collection
• Security Analyst Email Support
Vendor Risk Management (+ $499/mon)
Vet the security posture of your vendors.
• Automated Distribution
• Vendor Scoring
• Compliance Repository
• Centralized Repository of Vendor Audits
Enterprise Plus (Contact Us)
Ideal for larger security and sales teams.
• Security Operations Center
• Premium Customer Support
• Security Monitoring & Incident Management
• Virtual CISO
Prebuilt Policies & Controls SOC 2 Framework Mapping Automated Security
Questionnaire Response
Automated Vendor Risk
Management Audit Security Championing to Clients
Thank You!