Punctuate Systems, Inc. assists government agencies, organizations, non-profits and commercial businesses with the full life-cycle of the Certification and Accreditation Risk Management Framework process throughout all four phases of the Information Assurance process as recommended by the National Institute of Standards and Technology (NIST).
Certification and Accreditation Planning and Support:
Our Information Assurance professionals are appropriately certified in the Information Security functional areas and possess the necessary clearance levels for the program, project, or task needed. Each potential Punctuate Systems Security Professional completes a thorough screening and background investigation prior to joining our team. Furthermore, current Punctuate Systems Security Professionals have a broad range of Security Certifications. Certifications currently held by most Punctuate Systems employees include:
- Certified Information Systems Security Professional (CISSP)
- CompTIA Security+
- Information System Security Management Professional (ISSMP)
- Certification and Accreditation Professional (CAP)
- Certified Information System Manager (CISM)
- Certified Business Continuity Professional (CBCP)
Primary Services Offered:
We offer Information Assurance consulting, auditing, and staff augmentation services within our following core capabilities:
- Policy and Procedure Development
- Information Security Management
- Business Continuity Planning (BCP)
- Disaster Recovery
- Risk Management
- Continuous Monitoring and Reporting
- Security Awareness and Training
The Federal Information Security Management Act of 2002 ("FISMA", 44 U.S.C. § 3541, et seq.) is a United States federal law enacted in 2002 as Title III of the e-Government Act of 2002 (Pub.L. 107‐347, 116 Stat. 2899). The Act is intended to strengthen computer and network security within the Federal Government and affiliated parties (such as government contractors) by mandating information security controls and periodic audits and reviews.
Policy and Procedure Development:
Our team will establish policies and procedures that are based on risk assessments, reduce information security risks to an acceptable level for your organization, and ensure that information security is addressed throughout the life cycle of each information system. Our team of security professionals will also perform periodic risk assessments of your organization as needed for all of your sites, applications and systems to help identify all potential security threats and risks.
Information Security Management:
We will provide your organization with a team of Information Security Management and Information Technology (IT) specialists, analysts and engineers who are accountable for safeguarding all data and communications that are stored and shared on your network systems. We will plan for security at the very beginning during a new system start-up or implement security on your organization's existing network/system. We will perform periodic testing, evaluate the effectiveness of information security policies, procedures, and practices, and review security controls for all of your information systems.
Business Continuity Planning (BCP):
We support organizations in identifying their exposure to internal and external threats, and we provide effective prevention and recovery solutions for your organization while maintaining your business continuity, systems integrity and confidentiality. We will create plans and procedures to ensure continuity of operations for information systems that support the operations and assets of your organization.
Every business and organization is vulnerable to experiencing a serious incident, which could prevent it from continuing normal business operations. We assist organizations with creating comprehensive backup and recovery policies and procedures to safeguard against potential data loss.
NIST has created a set of standards and guides which create a Risk Management Framework for agencies to manage organizational risk in accordance with FISMA requirements. This framework sets forth an approach to security control selection and specification with consideration to effectiveness, efficiency, and constraints.
Our team of professionals will assist your agency in controlling risks by helping you identify and perform the following actions:
Our team of professionals will help your agency with the Continuous Monitoring phase to ensure all accredited systems stay compliant during all system changes, patches, upgrades or replacements. Through continuous monitoring of the operations and controls, weak or poorly designed or implemented controls can be identified and corrected or replaced during this comprehensive process.
Security Awareness and Training:
We will conduct security awareness training to inform personnel of the information security risks associated with their activities and their responsibilities in complying with organizational policies and procedures designed to reduce these risks.
Contact us for more information.