You can use the time for Cybersecurity, SOC2, Compliance, Risk, Privacy, GRC, Policies, Audits, Regulators, Metrics, Incident Response, Vendor or Supplier Risk, etc. You are not limited in what you need to get done or in how we can help you, from advisory to accountability to coaching to hands-on, or any combination.
You are the expert in your business and we are the expert in Cybersecurity, SOC2, Compliance, etc. We join forces with you in mutual respect to create your best result. We listen and respond, not dictate.
NO INEQUITABLE TREATMENT
Whether you're a growing or established company, a small or larger relationship, the level of consultant and expertise is the same. You don't get shortchanged with junior talent just because you don't have endless funds.
NO MINIMUMS COERCION
We don't force you into doing it our way and on our terms. You get to choose how much you need, adjust it as your business grows, and be in control of how it's used and what it accomplishes. We're not going to coerce you into spending you don't need.
NO GAME PLAYING
We don't play games where we're the expert, know everything, and you know nothing. We work with you in transparency to coach you in what you may not know, and how to best, creatively if need be, achieve that end for your business.
NO RIGID MOLDS
We don't insist that you be, or do things, the way it's always been. We are flexible to help you achieve what you see as the priority that adds the most value to your business, in your timeframe and pace, and at your budget. You get to be you on your individualized path.
NO INTENTIONAL CONFUSION
We are straightforward in what we provide and how we work with our clients. It's your party so you get to choose 1) the availability you want, 2) the level of support you want, 3) the objectives you want to achieve, and 4) how you schedule the time.
In this 1 hour working strategy session, we will:
- Identify your top Cybersecurity, SOC2, Compliance objectives to add the most value and protection for your business
- Prioritize to get iterative and simultaneous traction for you according to your budget
- Anticipate challenges, roadblocks, gotchas, constraints along the way in an ever-changing security and Compliance landscape
If you move forward with a certain level of Monthly On-Demand Expert subscription, this will be credited to that upgrade.
SOC2 Readiness + Gap Assessment + Remediation + Audit
Cybersecurity + Data Protection (PHI, PII) + Frameworks (NIST CSF, HITRUST CSF, ISO 27001)
Risk Assessments (Enterprise, IT, Security) + Risk Management + Risk Register + Treatment
Compliance (SOC2, HITRUST, HIPAA, FFIEC, PCI DSS) + Auditor Support + Regulator Support
Privacy (SOC2, GDPR, CCPA)
GRC (Governance Risk Compliance) + Tools + Automation
Incident Response + Breach Support
Vendor or Supplier Risk + Security Questionnaires
Policies + Processes + Best Practice + Exceptions
Business Continuity (BCP) + Business Impact Analysis (BIA) + Disaster Recovery (DR) + Tabletops
Can you do my SOC2 audit, or help me get ready for a SOC2 audit?
Yes, Cheri is a CPA registered in the state of Texas to conduct SOC2 audits. We also do SOC2 Readiness (or gap assessment) on a regular basis for companies. We can either help you evaluate yourself with an add-on template, or we can do it for you. Both of these are separate fixed fee engagements, not part of the Monthly On-Demand Expert.
Will you read documents, like policy, to help get them finalized or provide input? Will you attend a Board or other meeting? Will you help me with a GRC tool?
Yes, yes, and yes. The On-Demand Expert time is yours to choose how you use. We are here to partner our expertise with you as you drive towards creating the best Cybersecurity, SOC2, Compliance posture for your company.
How do I know what level I should select to start?
What is your budget and level of commitment towards Cybersecurity, SOC2, Compliance matters? You should select a level consistent with those. And since you can always increase the number of hours (or even cancel), don't stress about the level to start. There's little risk. Just commit today to consistently prioritizing these tough items so you don't jeopardize your company's data or clients.
How much or little time can I book in a single meeting, and can it be rescheduled? Who will be meeting with me?
You schedule meetings for 30, 60, or 90 minutes during business hours Central Standard Time Monday through Friday. For rescheduling, no worries, life happens. Meetings can be rescheduled within 24 hours with no loss of time. Cheri, MBA, CPA, CISSP, BCC runs the practice so she is at the forefront of serving all clients. At times she may delegate a meeting or task based upon the content and fit. She is high excellence so you can rest assured anyone she works with won't disappoint.
What if I run out or don't use all of my hours in a month?
Monthly On-Demand Expert hours can be increased or decreased as often as you need to fit your objectives and priorities. Changes take effect the next calendar month. To maintain your commitment and consistency to Cybersecurity, SOC2, and Compliance, it is encouraged at the first of every month to schedule your time so it is not lost or forgotten. The hours reset at the beginning of each month with no roll over.
What if I need something you don't do?
If it's related to Cybersecurity, SOC2, Compliance, Technology, and a whole host of related disciplines, we have many partners and relationships in the marketplace to help point you to the best alternative.
Do you offer Cybersecurity, SOC2, Compliance hands-on help beyond the monthly on-demand expert?
Yes, Hotman Group is a full practitioner firm with many templates and tools to accelerate your Cybersecurity, SOC2, Compliance goals. In most cases, we provide fixed bids for specific projects and deliverables. Contact us so we can work with you to solution what you need in the timeframe you need it.
What are the other terms, or what if I have additional questions?
What if I want to refer someone? Do you have an affiliate program?
We thank you for your referrals, and yes we do have an affiliate program. Send an email to firstname.lastname@example.org so we can get you the details and set you up.