Services Offered
For more than 25
years, clients have relied on the experiences of our
team and its predecessor organizations for solutions
to their ever-changing needs. We are privacy leaders
today because we have unrelentingly exceeded our
clients’ trust and their expectations throughout our
history.
Auditing:
Information Security and
Privacy Checkup: A quick and easy way to
get an external opinion on the state of your
information security and privacy regulatory
alignment and best practices. Read more
External Assessment of
Internal Controls: Meet the IIA standards
of external quality validation of your information
security and privacy controls. Read
more
Vendor Information Security and Privacy Audit: The
new regulations state that companies cannot rely on
contracts alone to assure privacy compliance. Reduce
your risk of a breach through fraud or negligence of
a vendor.
View pdf
Customized Privacy Audit:
Assure you’re taking reasonable steps to protect
your customers’ personal information.
Read more
Customized Information
Security Audit: As independent experts,
MRE can provide you with certification that your
controls really are protecting your business
according to COBIT or ISACA standards.
Read more
Consulting:
Information Security:
With Best Practice experience, MRE consultants will
aid you to close the gaps in your information
security processes.
Have someone contact me
Privacy Compliance:
Using IAPP best practices and federal and state
requirements, MRE helps you maintain compliance with
the ever-changing laws and regulations in the
privacy landscape.
Have someone contact me
Chief Privacy Officer
Outsourcing: If your organization
doesn’t have a Chief Privacy Officer, MRE can fill
that role, create a roadmap and put a privacy plan
in place. Read more
Business Audits & Analysis:
We help executives make significant improvements to
their overall performance by tackling their most
challenging issues.
Read more
Training
Information Security and Privacy Protection
Self-Assessment Program: A short,
easy-to-implement evaluation and training program
that will educate your employees on the basics of
information security and privacy administration.
Read more
Information Security and Privacy Training:
In a customized training program, MRE can work with
your organization to provide the right level of
training to those employees engaged with customer
data.
Have someone contact me
Technology and
Outsourcing Services:
Information Security and Privacy
Check-Up
Do you think you’ve got
adequate information security and privacy practices
in place but want to be sure you haven’t missed
anything? MRE’s experts can help you out with a
simple, inexpensive checkup. A few standard
interviews over a couple of days will give us what
we need to know to be able to give you an opinion on
how secure you are, and recommend if there are any
action steps you should take. You will have a
report back in two weeks outlining the major
findings. With that information, you can decide the
next steps to take in improving your internal
practices.
Back to top
Have someone contact me
External Assessment of Internal
Controls:
To comply with the IIA
standards, MRE can review your internal control
process and provide a qualified, independent opinion
of the information security and privacy practices
within your organization. Our knowledge of
information security and privacy regulations will
enhance your capability, and your internal audit
team will be better able to assess risk and protect
corporate assets and information.
Back to top
Have someone contact me
Customized Privacy Audit:
MRE will work with your
organization to ensure your compliance needs are
met. We understand the regulations. We understand
the technology. We can show you solutions that you
could implement very quickly that will not only
support your compliance requirements; they will
support your business. And after all, isn’t that
just as important? We help you narrow the trust gap
through the development of responsible and legally
compliant privacy practices
Our practice begins with the creation of a data
inventory and classification of personal and
health-related data. We map each data type to the
regulations that govern its protection and usage.
We evaluate your practices according to the
regulations that are currently being viewed as
industry best practices such as the Gramm-Leach-Bliley
act, the Teleservices Act, HIPAA, California SB1386,
ISO 17799 and COBIT Control Self-Assessment. We
follow the practices of the IT Governance Institute.
Back to top
Have
someone contact me
Customized Information Security
Audit:
In
a phased approach, MRE will works alongside your
appointed security team to provide an external audit
opinion on your information security and privacy
practices. It will begin with a review of the
documentation that has already been developed by
your team. Our audits cover the areas of technical,
physical and administrative security of the systems
that manage customer data.
Based on
the findings of the initial research, a series of
interviews are held with key individuals in the
organization. We examine the current information
security and privacy compliance internal audit and
evaluate against best practices and current and
pending privacy legislation. A risk assessment
report is be developed, along with a prioritized
action plan and recommendation.
Back to top
Have someone contact me
Chief Privacy Officer Outsourcing:
This ongoing service
begins with a pre-interview questionnaire and audit
checklist review. Three days of on-site interviews
give our experienced team the background necessary
to develop a privacy program. You will receive a
summary report including a review of the interviews,
an opinion on compliance, and follow up action
steps. We work closely with privacy legal experts
to review your privacy policy and provide end to end
privacy services. Our program includes employee and
vendor training, quarterly program reviews, and
ongoing monitoring of privacy regulation changes.
Back to top
Have someone contact me
Information Security and Privacy
Protection Self-Assessment Program
In
a phased approach, MRE will deliver a program aimed
at providing assurance that your employees and
vendors are protecting valuable corporate
information assets, and customer information,
according to the latest regulations and information
technology guidelines.
MRE will customize the self-assessment evaluation
and training program to meet your needs.
Customization will include developing a program to
address how your internal and external vendors are
complying to:
-
Existing Privacy policies of the corporation
-
Published Internal policies regarding
protection of data
-
Gathering and protecting data at each
contact point
-
Their service-level agreements (SLAs)
-
Update escrow accounts with version updates
and proprietary information assets
-
Specific concerns you have about the
protection of your information assets
MRE Enterprises will then implement and oversee a
self-assessment questionnaire process designed to
give you a view into the effectiveness of protection
over your customer information and proprietary
information assets. The questionnaires will be
summarized, and an information security opinion
report will be developed for client review.
MRE’s
information security and privacy training module is
designed to give attendees an overview of how they
should be protecting valuable customer and company
proprietary information. It will include a review
of the company’s privacy policy, and provide an
overview of the general regulations and escalation
procedures that should be followed in order to
successfully protect the company. Breach
notification practices will be presented during the
training session. Each attendee receives a privacy
checklist that gives them direction on how to
protect data, and what to do in when proprietary
company data may be lost or stolen. Each attendee
is tested to ascertain their knowledge of the
content provided during the training.
Back to top
Have someone contact me
