The truth about CMMC? It’s a critical component of the contemporary manufacturing reality, especially when you’re building for the federal government. If you’re anywhere in the DoD supply chain, CMMC is the ante to stay in the game.
And here’s another truth: Certification can be daunting. The amount of information, objective evidence, necessary policies and procedures, and the scrutiny of an audit are well outside the experience of many organizations. Getting (and staying) certified takes a significant shift in business management and culture.
But here’s the most important truth: Monarch ISC will help get you over the wall. Our Advisors have combined over 40 years of professional field experience and cybersecurity intelligence. Our real-world strategies will decipher CMMC 2.0 and help you achieve and sustain your certification.
Clarity. Insight. Confidence. Everything you need for success. Talk to us today.
Our cloud-based CMMC 2.0 Security Catapult takes you through an in-depth gap assessment interview to establish your current compliance baseline. As you realize your target maturity, Security Catapult supports your efforts by tracking and documenting all aspects of your cybersecurity program.
This is not just another “yes or no” spreadsheet disguised as a web app. Security Catapult is a powerful, intuitive, interactive tool for developing the specific practices you need to move past simple “compliance,” and help you establish a mature cybersecurity program that will support your business strategy.
As you move through the process, Security Catapult will ask the same questions an auditor would ask. And as you answer, Security Catapult documents your new policies, generates your security plans, establishes milestones, assigns responsibilities, sends task reminders, and tracks their timely completion. Plain-English explanations by our certified subject-matter experts make understanding complex NIST and CMMC language a breeze.
Security Catapult is easy enough to be used as a self-assessment tool. Or, you can choose to work with a Monarch Advisor. Our allied approach will enhance your Catapult experience, providing guidance and advice on how to integrate the CMMC 2.0 domains, manage and schedule the assessments, and help you deploy the many required security practices into your business operations.
Level 1 is free. You need this. Find out your compliance status today.
Because certification is required for all DoD contractors and subcontractors, now is the time to start the certification process with a Monarch CMMC 2.0 Readiness Assessment.
Our cybersecurity experts know the process inside and out. We’ll take the mystery and anxiety out of certification and get you to the maturity level you require. It all starts with a review of your current compliance status. Schedule your readiness assessment today.
Monarch’s System Security Plans and Policies are in force with leading financial institutions, healthcare facilities and DoD contractors. Our programs are rock-solid – with over two decades of regulatory scrutiny and audits, they’ve passed every test, every time. We can help you create a new cybersecurity program or dramatically improve your existing one.
Our Vendor Management plans are the bedrock of validating supply chain cybersecurity practices throughout the Defense Industrial Base. Your legal team may not fully understand cybersecurity requirements, and your cybersecurity team may not have the resources to review the security posture of all your subcontractors. Let us do the work for you.
Virtual Information Security Officer, or V-ISO, is our most engaged and complete offering. You select the services you need – anything from core components to our full range of offerings – and the level of engagement you prefer. We become an extension of your team, effectively bringing Monarch’s specialized services in-house. You get unrestricted email and phone access to your dedicated Monarch advisor – a senior information and cybersecurity professional with a minimum of 20 years’ experience. You also get monthly meetings, process tracking and reporting, privileged pricing, and much more.
People are both the strongest and weakest aspects of any cybersecurity program. Do your people understand cyber-risk? Do they know how cybercriminals operate? Do they realize that one click on the wrong link can circumvent, cripple, or completely disable your investments in protective security technology?
Monarch ISC professionals deliver the most effective cybersecurity training available. Your people need to know how important they are in defending your institution from harm, and we can quickly bring them up to speed. Monarch’s live, instructor-led training sessions will strengthen your entire organization, from the cubicle to the board room. Get the skills and insight you need to tackle any cybersecurity challenge.
V-ISO is our most engaged and complete service offering at Monarch ISC. You select the components, and we execute an annualized program acting as an outsourced member of your internal team.
This package may include everything we offer, or any of several sets of core program components. We bundle your choices, provide privileged pricing, and schedule our year together to build the program foundations. Once the foundations are built, we move into Sustainability Mode, still providing whatever level of engagement you choose.
Our highly effective policies and plans are currently in force at banks, credit unions, healthcare facilities, and DoD contractors. Our careful iterative process ensures your organization is understood before the writing begins. Your policies and plans need to express actual practices, not some templatized check-box fantasy that bears little resemblance to your unique organization.
We will work with you to create a new Information Security Program, or dramatically improve your existing program or any component to include:
Monarch ISC Information Security Program documents have undergone two decades of regulatory and audit scrutiny, passed every test, and set the standard. They are the bedrock on which you will build your information security program.
People are your weakest link. We deliver effective training to any organizational group to strengthen the whole chain, from end users, to IT professionals, to the Board of Directors, and every level in between. Everyone must gain awareness and develop the skills needed in their roles to make an organization resilient to adverse events and incidents.
Our live instructor-led training sessions:
Engage us to follow up the training with phishing email test campaigns to measure the effectiveness of our training, too! We’re confident you’ll see results!
You made sure your Electronic Medical Record (EMR) system was HIPAA-compliant. Did you know that is just the first step in making your practice HIPAA-compliant?
You take great care of your patients, and you know that means taking great care of your patients’ sensitive personal data, too. But complying with the federal Health Insurance Portability and Accountability Act (HIPAA) can be as complicated as some of the things you learned in medical school.
Monarch Information Security Consulting understands what the law demands of you and your practice, can evaluate what you need to do to meet those expectations, and will create a customized and easy-to-understand plan for you to achieve complete HIPAA compliance and get back to caring for your patients with confidence.
Our consultants have over 40 years of experience in identifying, evaluating, and remediating HIPAA compliance. We take the time to get to know you and your organization, and we create a comprehensive map of your entire data flow. We pinpoint your vulnerabilities and infractions, we provide a smart, straightforward plan to achieve sustainable, HIPAA-compliant data security, and we stand by you and our work in the event of an audit.
The FFIEC Cybersecurity Assessment Tool measures the maturity of your financial institution’s information security program. The tool helps define your current inherent risk profile and assess your compliance status across the security domains.
It can be a daunting exercise to complete.
We can help!
Our experts work with your team to complete the assessment and document any gaps in compliance. We will build a timeline for remediation, and can assist with training, risk assessments, policy building, business continuity exercises, board reporting, and more. Our work will fill the gaps and increase your maturity level.
The Cybersecurity Maturity Model Certification (CMMC) has been released!
The certification will be required for all Department of Defense contractors AND sub-contractors. Audits will begin in 2020. The audit timelines and the list of approved auditors have not been released.
Special Note: DoD Guidance for self-assessment scoring has been updated! You will need to provide your self-assessment (Basic) of the NIST 800-171 guidance to the Supplier Performance Risk System (SPRS). The system is online NOW! Do you know your score?
NOW is the time to start the certification process, so contact us for a free consultation.
For many organizations this is a strange new world. Data security requirements have been in place for banks, merchants accepting credit cards, and healthcare organizations, but never have manufacturers and other government contractors with unclassified information faced this type of scrutiny.
This can be an overwhelming amount of work.
The certification domains cover a wide variety of topics from Asset Management to System and Information Integrity. You will need to implement the correct controls, write the appropriate policies, and keep track of your compliance activities in preparation for an audit. Failure to be certified will mean thousands, or millions, of dollars in lost government contracts.
Monarch ISC can help.