Compliance & Risk


FYRM helps our customers implement and assess security compliance with United States public laws, executive orders and regulations, industry best practices, and Federal Government standards and guidelines. From developing compliance plans to assisting with the implementation of required controls, processes, and supporting technologies, FYRM can guide your organization to compliance no matter where you are now or where you need to be.

Virtual CISO

The most efficient path to meeting compliance requirements and implementing a strong security program is with our Virtual CISO service. Whether you need targeted management of key areas or projects, short-term support for transition periods, or comprehensive coverage of CISO responsibilities, our Virtual CISO service draws on the combined expertise of many to support you at a fraction of the cost.

Audit Support

Having sat on both sides of the table, we understand your audit pain and can provide relief with audit support services before, during, and after an audit. We can project-manage and lead your internal audit preparation efforts, and ensure that requests by a third-party auditor are reasonable, that the auditor respects the scope of the audit, and that your time and resources are minimally affected throughout the duration of the audit.

Compliance & Risk

FYRM helps our customers implement efficient, effective, and compliant information security and risk management programs. From small business healthcare providers to large-scale energy producers to Fortune 500 companies and government agencies, our team helps customers design and implement custom programs that work in their unique environments and fit their specific needs. Whether you are building a program from scratch, enhancing specific components, or just need to do a little fine-tuning, our team can help you create the information security, risk management, and compliance program that you want and need. FYRM has decades of experience implementing and reviewing information security, risk management, and compliance programs for customers of all sizes and in all industries. Our team includes former CISOs and others who are well-versed in implementing cost-effective and efficient programs at small, medium, and large organizations. Additionally, FYRM regularly performs audits, assessments, pre-assessments, and other audit support services against all of the following compliance and regulatory standards:

  • Federal Information Security Management Act of 2002 (FISMA)
  • Federal Risk and Authorization Management Program (FedRAMP)
  • Payment Card Industry Data Security Standards (PCI DSS)
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  • National Institute of Standards and Technology (NIST) Special Publication (SP) Series 800 guidelines
  • Federal Information Processing Standard (FIPS) Publications
  • Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, in particular, Circular A-130, Appendix III, Security of Federal Automated Information Resources
  • International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) 27002 information security standard