
Riskcop Advisory LLC is a full-service risk management firm, specializing in governance, risk and compliance services (GRC), fraud investigation services, internal audit consulting, and control readiness reviews. We cater to large, medium, and start-up control environments.
Our team takes pride in having integrated risk advisory experience in cyber technology, IT general controls (ITGC), and operational, compliance, and financial risk. We have experience working with Fortune 500 companies. You can rely on us for quality service at all times.
Areas We Serve
United States
Canada
Mexico
Europe
What We Do
We perform risk, System and Organization Controls 1 (SOC 1), System and Organization Controls 2 (SOC 2) assessments, control readiness reviews, and security assessments. These include process walkthroughs, control design evaluation, and operational effectiveness testing. We carry these out under the following security standards:
- National Institute of Standards and Technology (NIST) 800-171
- International Organization for Standardization (ISO)
- Sarbanes-Oxley Act Section 404
Our team has worked with the following standards in operational, risk, and security capacities:
- Committee of Sponsoring Organizations (COSO)
- Control Objectives for Information and Related Technologies (COBIT)
- ISO 27001
- National Institute of Standards and Technology (NIST)
- Information Technology Infrastructure Library (ITIL)
- Payment Card Industry Data Security Standard (PCI DSS)
For privacy and vendor risk assessments, we use the Standardized Information Gathering (SIG) approach and work with these standards:
- Gramm-Leach-Bliley Act (GLB Act)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Family Educational Rights and Privacy Act of 1974 (FERPA)
- EU General Data Protection Regulation (GDPR)
Potential data in scope:
- Personally Identifiable Information (PII)
- Customer Relationship Management (CRM)
- Credit Card Data (PCI)
- Protected Health Information (PHI)
- Merger / Acquisition Information (Secret)
Areas in scope include:
- Risk Assessment
- Physical Security
- Logical Security
- Application Security
- Database Security
- Website Considerations
- Encryption
- Data Leakage Protection
- Backup and Recovery
- Disaster Recovery
- Business Continuity
- Customer Service
- Cloud Considerations (Public or Private)
- Change Control
- Operational Control
- Internet Monitoring Controls
- And Many More
Trust Our Team
Reach out to us to secure a confidential consultation. With our risk management services, you can:
- Scope your IT, cyber, compliance or operational risk project or determine a needs analysis for any of these areas
- Discuss changing compliance or regulatory needs with one of our experts
- Determine how to handle a customer complaint, alleged whistleblower fraud, or employee hotline tip
- Learn if your organization has been breached and what tools or solutions can be employed to ensure you are kept aware of future illicit activity should it occur
- Find a consulting firm that can outsource or co-source certain key business, security, or compliance activity
- Discover a firm that can work hand in hand with key leaders to ensure you are equipped for your next executive leader, audit committee, or board meeting