An example on how to audit AI Bias using a Black Box approach
Each algorithm and related processes associated with training the AI must be evaluated to determine a strategy to test the AI algorithm for bias. We are auditing AI Bias (the...

SOX Compliance
SOX compliance - Specific to IT: leveraging IT best practices (e.g. COBIT framework-specific control objectives), our IT auditors apply a common-sense approach when reviewing your IT general and IT application controls. On the accounting/business process side: we...
DOL Cyber Security Audit
Best Practice Guidelines or Mandatory Requests Although the DOL’s new guidance is considered a “best practice”, do not be misled by the wording: now that we are over a year into these new rules, it has become clear that these “guidelines” should actually be...
IT Audit
Our team is made up of IT Audit Professionals with prior hands-on IT experience (e.g. as Developers, Systems Engineers, DevOps, etc.) to ensure you obtain the expertise required to document and perform the testing like an auditor (e.g. understanding of auditing standards) but...
Sarbanes-Oxley (SOX)
Specific to IT, Leveraging IT best practices (e.g. COBIT framework-specific control objectives), our IT Auditors apply a common-sense approach when reviewing your IT general and IT application controls. On the accounting/business process side, we leverage our...
ISO27001 Readiness and Remediation
Many organizations do not have the in-house expertise and/or bandwidth to manage an ISO 27001 implementation. Many companies find challenges in adopting the standard while remaining mindful of costs. Our team specializes in Information Technology Compliance Frameworks...
HIPAA HITECH
With the addition of HITECH, State Attorneys General gained the ability to pursue civil and criminal enforcement of HIPAA violations. Through the Department of Health and Human Services (HHS), the Office of Civil Rights Division (OCR) trains the State Attorney...
HITRUST
How Do We Partner With You? Elevate provides security strategy, process, and implementation services to help improve your information security needs. Regarding HITRUST CSF certification, we can assist you in the following ways: Scope Definition and Documentation We...
Physical Security
Physical Penetration Tests find and exploit the vulnerabilities within a company’s physical controls and barriers. A Physical Security Test is a non-invasive, comprehensive assessment of all the Physical Security controls in place at a facility or location. Depending...
Security Awareness and Training
KnowBe4 is your platform for new-school security awareness training. With this new-school integrated platform, you can train and phish your users, see their Phish-prone Percentage™ improve over time, and get measurable results. Baseline Testing Baseline testing...
Penetration Testing
Improve Your Security Posture and Protect Your IT Assets By engaging in Penetration Testing Services, you will be taking a giant leap towards achieving stronger security controls. Both automated and manual testing technologies are utilized to identify vulnerabilities....
IT Vulnerability Scanning
Vulnerability vs. Penetration Testing It is important to note that vulnerability scans/assessments are different from penetration tests. Penetration tests add manual exploitation of vulnerabilities to determine what information is exposed and for lateral movement...
SOC 2 Compliance
The Common Criteria/Security of the AICPA Trust Service Principles must be included in a SOC 2 report, with additional criteria available. Common Criteria/Security - The system is protected against unauthorized access, physically and logically Availability - The...
SOC 1 / SSAE 18
Any report opinion issued on or after May 1, 2017, will be issued under the SSAE 18 standard. Two types of SOC 1 reports exist: Type I: Test of Control Design Effectiveness (A period of time) Type II: Test of Control Operating Effectiveness (During a period of time of...
Social Engineering
Social Engineering provides you with the information needed to: Remediate physical and electronic vulnerabilities that put your data, employees, and company at risk Focus security awareness training programs on the areas and technologies that pose the greatest risk...
Web Application Security Testing
Elevate can provide the following Web Application Security Testing Services: Web Application Penetration Testing (credentialed, non-credentialed) Web API (Application Programming Interface) Penetration Testing Web Application Penetration Testing These tests are...
Wireless Security Assessment
The deployment of a wireless network within your organization can introduce additional risks that need to be properly managed. Our Process: Elevate will conduct configuration reviews, technical testing, and scanning for rogue AP detection. We will first passively...
SWIFT CSP V2023
The CSP focuses on three mutually reinforcing areas: Secure and Protect Share and Prepare Prevent and Detect While all institutions are responsible for protecting their own environment, SWIFT’s CSP mission is to support the global financial community in the fight...
Virtual CISO
The offering is unique and tailored to each client. It is typically structured in one of two ways: Virtual CISO is for companies that do not have dedicated security staff and want assistance in maturing their organization and reducing risk. Elevate would provide a...
Cloud Security
Under the public cloud shared responsibility model, your provider enables infrastructure and foundation compute, storage, networking, and database services, as well as other higher-level services. These providers enable a range of security services and features to...
GLBA – Gramm-Leach-Bliley Act
GLBA Risk Assessments When non-compliance is not an option. In October of 2021, the Federal Trade Commission (“FTC”) issued guidance on Standards for Safeguarding Customer Information (“Safeguards Rule”) which affects the GLBA Risk Assessments. To read more about...
FedRAMP – Federal Risk and Authorization Management Program
WHO NEEDS FedRAMP? Any CSP that plans on conducting business with a US Government Agency needs to hold a FedRAMP Authority to Operate (ATO). Additionally, FedRAMP certification may boost any client's confidence in security processes as it demonstrates a continual...
ISO 9001:2015 Quality Management Systems
Consistency and quality are a must to achieve the certification of this standard. Achieving the ISO 9001 certification is a valuable marketing tool, specifically for Software as a Service (SaaS) and Cloud Solution providers, where your customers not only expect but...
DFARS Compliance
To meet the minimum requirements, DoD contractors must: Provide adequate security, and Conduct cyber incident analysis and reporting Adequate Security is provided by implementing “protective measures that are commensurate with the consequences and probability of loss,...
CCPA Compliance
CCPA Compliance and Data Privacy CCPA Compliance law protects all personal information that identifies, relates to, describes, is capable of being associated with, or may reasonably be linked, directly or indirectly, with a particular consumer or household. There are...
CMS DE and EDE Pathway
In this article, we discuss CMS DE and EDE Pathway. Background Direct Enrollment (DE) permits consumers to purchase a Marketplace health plan from a source other than Healthcare.gov; however, the process was cumbersome - consumers had to be redirected to...
CSA STAR Certification
Criteria and Scoring CSA STAR uses a “technology-neutral” approach leveraging the ISO/IEC 27001 control criteria and adding Cloud-specific controls from best practices and leading standards and regulations. All these controls are mapped in the Cloud Control Matrix or...
SEC and Broker Dealers
FINRA reviews a company's approaches to cybersecurity risk management, including: Technology governance System change management Risk assessments Technical controls Incident response Vendor management Data loss prevention Staff training At Elevate, we work with...
CMMC Readiness
The updated CMMC 2.0 framework (CMMC Readiness) will be more streamlined, eliminating both Levels 2 and 4, which were considered “transition levels”, and creating a leaner model consisting of only 3 tiers: Foundational, Advanced, and Expert. The DoD feels that the CMMC...
FedLine Security Controls
Within the FedLine Solutions catalog, there are four different products that are offered, and while no clients should ever require all four, there may be occasions where more than one product is necessary for payment processing. For each of the products, there are...