Risk & Compliance Services

Fill the gaps in your information security program with trusted advice from Foundstone

Key Benefits


Get the valuable help you need to meet increasingly complicated regulatory requirements.

Health Checks

Create and maintain strong, enforceable security policies by evaluating network security and assessing current risks and vulnerabilities.

Program Development

Strengthen the foundation of your information security programs.

Our Services


Business Continuity Program Maturity Assessment

If disaster strikes, are you prepared? In order to understand and measure the resilience of your business, this assessment helps you determine best-practice management goals and offers recommendations for initiatives to move your business resilience program forward.

Industrial Control Systems (ICS) Assessment

Identify and prioritize risks to Supervisory Control and Data Acquisition (SCADA) systems, analyze threats, and resolve vulnerabilities in your critical infrastructure. We evaluate your security posture and develop actionable recommendations to mitigate risks from external attackers, insider threats, and automated worms.

Operational Technology Risk Assessment (OTRA)

Identify and prioritize risks to supervisory control and data acquisition (SCADA) systems, analyze threats, and resolve vulnerabilities in your critical infrastructure.

Payment Card Industry (PCI) Security Solutions

Meet PCI DSS requirements. Foundstone’s PCI Security Solutions strengthen data security, ensuring you meet industry requirements.

Strategic Security Roadmap & Maturity Planning

Identify organizational priorities based on risk posture and business objectives, and build a roadmap that prioritizes strategic recommendations and puts your organization on a path to security maturity.

Health Checks

Comprehensive Security Assessment

Identify all vulnerabilities and protect the right assets from the most severe threats. Secure all devices connected to your network and thoroughly test potential points of attack after enumerating every live host, open port, and available service.

Data Loss Prevention Assessment

Detect and prevent the unauthorized transmission or disclosure of sensitive information. Reduce your risk of exposure by identifying sensitive data copied or currently in transit from its original intended container.

Enterprise Risk Assessment

Discover the threats that are likely to have the greatest impact on your organization, and learn strategies to mitigate risk while meeting compliance goals. This assessment identifies and analyzes the convergence of assets, threats, and vulnerabilities to present a comprehensive evaluation of your current risk profile.

Incident Management Check

Build a better, more effective incident response and management program. Our team analyzes the gaps in your current program and offers recommendations to improve emergency response protocol.

Outsourcing & Third-Party Assessment

Ensure that partners, outsourced providers, and other third-party companies enforce information security policies that are consistent with your own rules and prevent data loss, network attacks, and threat outbreaks.

Policy & Process Review

Establish and maintain well-defined, comprehensive, and enforceable information security policies that support business goals and objectives.

Regulatory & Compliance Check

Meet information security compliance requirements. We assess gaps in your organization’s regulatory and compliance status and make next-step recommendations.

Program Development

Data Loss Prevention Program Development

Detect and prevent the unauthorized transmission or disclosure of sensitive corporate information with a comprehensive data loss prevention program.

Policies, Practices & Process Development

Define enterprise-wide security policies, build secure software, and create processes to bridge the gap between security policies and technologies. We help you create and implement effective security processes so you can maintain a solid security posture.

Vulnerability Management Program Development

Manage network vulnerabilities and develop a vulnerability management lifecycle to ensure new security weaknesses are quickly discovered and mitigated.