Cybersecurity & Compliance Expertise
We are a customer-centric, down-to-earth team of cybersecurity experts. We value hard work, honesty, education, and integrity – treating others as we wish to be treated, wherever that may be (at work, home, or in our communities). At the core of Crafted Compliance is our team of experienced professionals, each hand-picked and vetted for their knowledge and expertise, as well as having a complement of overlapping skills and experience which allows us to collaborate effectively to bring the best solutions to our clients. We are passionate about what we do and stay on the cutting edge of new regulations, laws, and methodologies to always bring you the most current information and best-in-class service.
Enterprise Governance, Risk, and Compliance (eGRC) doesn't have to be difficult. Our experienced, results-driven teams will help your organization achieve and maintain your compliance programs, reducing and/or eliminating the burden associated with complex frameworks/standards as we go.
SERVICES:
Penetration Testing/Vulnerability Scanning
Compliance Services (PCI-DSS, HIPAA, GDPR, FedRAMP, CMMC)
Cloud Security
Risk Advisory & Assessment Services
Business Continuity & Disaster Recovery
Physical & Logical Security
Open Source Intelligence
Identity Access Management
Security Operations Center (SOC) & Managed Security Services (MSS)
With decades of experience behind us, our world-class team has provided a variety of services to organizations in the United States and globally. We have shared our expertise with entities of all sizes - leaders in Oil & Gas, Banking/Finance, Entertainment, Hospitality, Healthcare, Federal, State & Local Government Agencies, Biotechnology, Manufacturing, Education, Retail, Transportation, and Non-Profits.
Our organization prioritizes advanced education, accreditations, and certifications as a means of keeping us on the cutting-edge of security and technology, which is exactly where you should expect your trusted advisors to be.
Reviews
the project
Cybersecurity Support for Cybersecurity Company
"They had a solid understanding of our environment and a clear plan on helping us achieve our goals."
The client submitted this review online.
Please describe your company and your position there.
MSM-NET, INC. is a growing Cybersecurity Company.
For what projects/services did your company hire Crafted Compliance, Inc.?
Projects that involved physical and logical security assessments (vulnerability scanning/penetration testing), ISO 27001 and NIST compliance assessments (gap analysis/cybersecurity program development), and technical advisory work.
How did you select this vendor and what were the deciding factors?
Crafted Compliance/RedPenSec was recommended to my organization by a cybersecurity/eGRC (Enterprise Governance, Risk, and Compliance) industry expert and we have been working with them since.
Crafted Compliance, Inc. has provided and executed several proposals that were comprehensive, transparent, and most aligned with our business goals and objectives. After working with several other companies, we felt most comfortable working with Crafted; they had a solid understanding of our environment and a clear plan on helping us achieve our goals.
Describe the project in detail and walk through the stages of the project.
Crafted Compliance has completed several projects for us within the eGRC space. They have also served as technical SMEs for our organization, helping us field and lead discussions related to the GSA’s Highly Adaptive Cybersecurity Services (HACS) and Information Technology Professional Services, to include the following practice areas:
- Penetration Testing
- Incident Response
- Cyber Hunt
- Risk & Vulnerability Assessments (RVA)
- NIST SP 800-14 (Generally Accepted Principles & Practices for Securing Information Technology Systems)
- NIST SP 800-27A (Engineering Principles for Information Technology Security – Baselines for Achieving Security)
How many resources from the vendor's team worked with you, and what were their positions?
We mainly worked with three resources, plus their executive team:
- Principal
- Global Security Assessor/Auditor
- Architect; Lead, Global Security Compliance Assessor
- Cyber-Investigations Specialist
- Information Security Compliance Assessor
Can you share any outcomes from the project that demonstrate progress or success?
The work that was completed by Crafted Compliance/RedPenSec allowed my organization to achieve our GSA/MAS Schedule, which has been in the works for several years now and couldn’t have been obtained without them, considering the tight timeframe and level of expertise needed.
How effective was the workflow between your team and theirs?
The workflow was highly adaptive and agile. Crafted Compliance’s communicative style has been pivotal throughout our projects.
What did you find most impressive or unique about this company?
Experience, expertise, and rapid execution. The depth and breadth of their cybersecurity/compliance knowledge are extremely impressive, as is their global experience. Their portfolio is impressive/comprehensive.
Are there any areas for improvement or something they could have done differently?
I really can't think of anything. They were absolutely amazing, a truly elite team of eGRC professionals.
the project
Cybersecurity Services for Tech Company
"They felt like an extension of our organization."
The client submitted this review online.
Please describe your company and your position there.
I am a member of the executive team for a global technology company.
For what projects/services did your company hire Crafted Compliance, Inc.?
We’ve worked with Crafted Compliance on various internal cybersecurity/compliance concentric projects over the years. They have always taken the time to understand our objectives, bringing us perfectly tailored plans that addressed our concerns, providing us with actionable solutions.
How did you select this vendor and what were the deciding factors?
Crafted Compliance was recommended to us by one of our board members who had worked with them at another company. We immediately liked their enthusiasm, expertise and ideas that felt more aligned with our business mission than the other firms we’d talked with and felt that their team would be the most effective partner for our needs.
We continue to work with them because we appreciate their customized methodologies and creative approach to helping us reach the results we desire. They have always been available to us for questions, providing expert guidance and support during each engagement.
Describe the project in detail and walk through the stages of the project.
We have worked with Crafted Compliance on a number of compliance driven initiatives, some of which required risk assessments, penetration testing and vulnerability scanning. They also performed some on-site interviews and physical security testing.
How many resources from the vendor's team worked with you, and what were their positions?
We worked with up to 5 people on any given project, depending on the size and scope of the initiative. Therefore, we were assigned resources from their PMO, technical testing teams, auditors, assessors, and a vCISO to help us carve out our overall cybersecurity strategy.
Can you share any outcomes from the project that demonstrate progress or success?
Some of our projects had very tight timelines with limited budgets and Crafted was able to help us achieve our goals within these constraints. We continue to use them for our yearly compliance reviews and monthly vulnerability scanning requirements.
How effective was the workflow between your team and theirs?
The workflow was carefully mapped out starting with the Statement of Work which was nicely integrated with the associated Project Plan. Expectations, milestones, and dependencies were clearly spelled out with a schedule to meet our timelines. The technical testing was broken out separately, yet run in parallel with other projects, ultimately allowing for the completion of both programs in a timely manner.
What did you find most impressive or unique about this company?
Crafted didn’t feel like one of our usual vendors or third-party assessors, they felt like an extension of our organization.
Are there any areas for improvement or something they could have done differently?
Ultimately, we are very happy with our experience and will continue to use them.
the project
Risk Management Services for Consulting Company
"The attentiveness and in-depth questioning were greatly appreciative of what our end goal objectives were."
The client submitted this review online.
Please describe your company and your position there.
I'm the principal consultant at Skyttech S.A. in Ecuador. Skyttech is a consulting company that provides Governance, Risk, and Compliance services. In addition to providing guidance, we also provide assessments, recommendation services and evaluations on security posture to them as well.
For what projects/services did your company hire Crafted Compliance, Inc.?
Our company is entering the market, and we needed additional help in setting up the Risk Management services that will be marketed to our clients and potential clients in Ecuador.
We needed a more professional feel in not only the presentation processes to potential clients, but also a more robust and impactful documentation and framework templates.
How did you select this vendor and what were the deciding factors?
We selected Crafted Compliance due to the fact that they were able to provide the updated documentation we requested, but also provided additional guidance on which frameworks would work best for specific clients, and how to utilize their template builds to output a strong professional presence.
Describe the project in detail and walk through the stages of the project.
We requested updated templates for several Risk Management frameworks, the NIST 800-53, CSF, and a simple 15 question questionnaire that we can provide to smaller IT shops.
We were presented with 2-3 option variations on an intake sheet to track, with variable outcome results tab to show status, input recommendations on how to lower risk footprint, and then populate out to dashboard for "at a glance" review and analysis of current Risk standing.
The end resulting templates and document outputs are easy to understand, use, and translate well for introductory stance to IT and IT risk processing that we were wanting to break into the market with.
How many resources from the vendor's team worked with you, and what were their positions?
Steve Strater, the Director was our chief point of contact. He provided a single point of contact that kept the process flowing and answered all our questions regarding timeline, expectations, and final products.
Can you share any outcomes from the project that demonstrate progress or success?
The provided templates in a few proposals to prospective clients have attracted more interest in the Risk Management practices of our organization, as well as demonstrations of the process net a lean 20% reduction that helps streamline the entire artifact collection, interview, and assessment process.
How effective was the workflow between your team and theirs?
Everything was smooth and without issues. Communications were done via phone call, chat messaging, or video chat when they demonstrated the various template proposals.
What did you find most impressive or unique about this company?
I appreciated the time they invested in learning about my business, our newness into the industry, and that the documents will be translated into another language for end use. The attentiveness and in-depth questioning were greatly appreciative of what our end goal objectives were.
Are there any areas for improvement or something they could have done differently?
Not at this time. We do have an evaluation period of end use product still to evaluate, and if any improvements or changes are identified at that time, we will approach them again and inquire if they are within the "base functional updates" that we have on retainer currently.
Other than that, other changes or additions would be out of scope for the project we did.
the project
Cybersecurity for Web Design Agency
"They have kept us updated throughout the whole process."
The client submitted this review online.
Please describe your company and your position there.
I am the owner of a small web design agency.
For what projects/services did your company hire Crafted Compliance, Inc.?
Crafted Compliance performed several services for our firm including a NIST/ISO Gap Assessment, Penetration Testing, Vulnerability Scanning and a web application test against our servers and networks.
How did you select Crafted Compliance, Inc., and what were the deciding factors?
We interviewed several firms and felt that Crafted Compliance was the most qualified and seemed to best understand our environment, goals and objectives. Their team was compassionate, knowledgeable, and quick to respond to our requests. Their pricing was fair and fit our budget. We were confident we had found the right firm.
Describe the project in detail and walk through the stages of the project.
Due to the nature of the project, and as to not breach our NDA, we won't share specifics. However, Crafted was comprehensive and multi-faceted in their approach and methodology. We met with Crafted regularly throughout the project from the initial scoping calls through to delivery. The final reports were detailed yet easy to understand and of great value to our organization as they used a no-nonsense risk-based approach to clearly outline a road map of what we needed to do and how we needed to do it.
How many resources from the Crafted Compliance, Inc.'s team worked with you, and what were their positions?
We collaborated with our assigned resources, who were available to us when we needed them, and we had regularly scheduled progress calls. Our project team consisted of a technical PM, compliance lead and an ethical hacker.
Can you share any outcomes from the project that demonstrate progress or success?
We are extremely pleased with Crafted's approach and the results achieved. Their team was professional and easy to work with, exceeded our expectations and delivered on time. We are very happy with the outcome of our engagement.
How effective was the workflow between your team and theirs?
Seamless. Their team was always quick to respond to our requests and proactive in communicating with us during our engagement.
What did you find most impressive or unique about this company?
We loved their professionalism, depth of knowledge, creative approach, and easy communication style. They were genuinely interested in achieving results and helping our company from a global perspective and felt like more of a partner than vendor.
Are there any areas for improvement or something they could have done differently?
We didn't run into any issues and were very pleased with the entire interaction.
the project
Security Assessment for Cybersecurity Services Company
"Upon completion, they accurately delivered their finding and remediation recommendations."
The client submitted this review online.
Please describe your company and your position there.
SVP Strategic Partners for full service cyber security managed services company.
For what projects/services did your company hire Crafted Compliance, Inc.?
We were looking for an external company to conduct a cyber security assessment for a potential managed services customer. Assessment with policy and procedures was the project.
How did you select this vendor and what were the deciding factors?
After interviewing several companies we decided that the expertise and experience from Crafted Compliance was the correct fit for this opportunity.
Describe the project in detail and walk through the stages of the project.
The project consisted of a comprehensive security assessment of the internal and external IT infrastructure. Alignment with NIST compliance controls. Upon completion, they accurately delivered their finding and remediation recommendations. Client was complimentary of their detail and deliverables. Client is implementing many of the recommendations and enhancements.
How many resources from the vendor's team worked with you, and what were their positions?
Resource team consisted of 2 senior level cyber security certified professionals, certified project manager and professional security services writer.
Can you share any outcomes from the project that demonstrate progress or success?
Project delivered exactly what the client needed and expected.
How effective was the workflow between your team and theirs?
Our two teams worked seamlessly, each taking the lead from project management on SLAs and responsibilities.
What did you find most impressive or unique about this company?
Their complete understanding of multiple industries as well as their understanding of many compliance regulations and the cross walk between those. NIST, ISO, HIPAA, PCI, CMMC to name a few.
Are there any areas for improvement or something they could have done differently?
While nothing is perfect, Crafted Compliance met our requirements in every way.
Crafted Compliance, Inc.’s efforts helped the client successfully fulfill their contracts. Their communicative, adaptive, and agile approach resulted in a smooth workflow. They offered expertise in cybersecurity and compliance on top of rapid execution and top-notch customer service.