Crafted Compliance, Inc.

Please describe your company and your position there.

SVP Strategic Partners for full service cyber security managed services company

For what projects/services did your company hire Crafted Compliance, Inc.?

We were looking for an external company to conduct a cyber security assessment for a potential manged services customer. Assessment with policy and procedures was the project.

How did you select this vendor and what were the deciding factors?

After interviewing several companies we decided that the expertise and experience from Crafted Compliance was the correct fit for this opportunity.

Describe the project in detail and walk through the stages of the project.

The project consisted on a comprehensive security assessment of the internal and external IT infrastructure. Alignment with NIST compliance controls. Upon completion, they accurately delivered their finding and remediation recommendations. Client was complimentary of their detail and deliverables. Client is implementing many of the recommendations and enhancements.

How many resources from the vendor's team worked with you, and what were their positions?

Resource team consisted of 2 senior level cyber security certified professionals, certified project manager and professional security services writer.

Can you share any outcomes from the project that demonstrate progress or success?

Project delivered exactly what the client needed and expected.

How effective was the workflow between your team and theirs?

Our two teams worked seamlessly each taking the lead from project management on SLA's and responsibilities.

What did you find most impressive or unique about this company?

Their complete understanding of multiple industries as well as their understanding of many compliance regulations and the cross walk between those. NIST, ISO, HIPAA, PCI, CMMC to name a few.

Are there any areas for improvement or something they could have done differently?

While nothing is perfect Crafted Compliance meet our requirements in every way.

Please describe your company and your position there.

I am a member of the executive team for a global technology company.

For what projects/services did your company hire Crafted Compliance, Inc.?

We’ve worked with Crafted Compliance on various internal cybersecurity/compliance concentric projects over the years. They have always taken the time to understand our objectives, bringing us perfectly tailored plans that addressed our concerns, providing us with actionable solutions.

How did you select this vendor and what were the deciding factors?

Crafted Compliance was recommended to us by one of our board members who had worked with them at another company. We immediately liked their enthusiasm, expertise and ideas that felt more aligned with our business mission than the other firms we’d talked with and felt that their team would be the most effective partner for our needs.

We continue to work with them because we appreciate their customized methodologies and creative approach to helping us reach the results we desire. They have always been available to us for questions, providing expert guidance and support during each engagement.

Describe the project in detail and walk through the stages of the project.

We have worked with Crafted Compliance on a number of compliance driven initiatives, some of which required risk assessments, penetration testing and vulnerability scanning. They also performed some on-site interviews and physical security testing.

How many resources from the vendor's team worked with you, and what were their positions?

We worked with up to 5 people on any given project, depending on the size and scope of the initiative. Therefore, we were assigned resources from their PMO, technical testing teams, auditors, assessors, and a vCISO to help us carve out our overall cybersecurity strategy.

Can you share any outcomes from the project that demonstrate progress or success?

Some of our projects had very tight timelines with limited budgets and Crafted was able to help us achieve our goals within these constraints. We continue to use them for our yearly compliance reviews and monthly vulnerability scanning requirements.

How effective was the workflow between your team and theirs?

The workflow was carefully mapped out starting with the Statement of Work which was nicely integrated with the associated Project Plan. Expectations, milestones, and dependencies were clearly spelled out with a schedule to meet our timelines. The technical testing was broken out separately, yet run in parallel with other projects, ultimately allowing for the completion of both programs in a timely manner.

What did you find most impressive or unique about this company?

Crafted didn’t feel like one of our usual vendors or third-party assessors, they felt like an extension of our organization.

Are there any areas for improvement or something they could have done differently?

Ultimately, we are very happy with our experience and will continue to use them.

Please describe your company and your position there.

I'm the principle consultant at Skyttech S.A. in Ecuador. Skyttech is a consulting company that provides Governance, Risk, and Compliance services. In addition to providing guidance, we also provide assessments, recommendation services and evaluations on security posture to them as well.

For what projects/services did your company hire Crafted Compliance, Inc.?

Our company is entering the market, and we needed additional help in setting up the Risk Management services that will be marketed to our clients and potential clients in Ecuador.

We needed a more professional feel in not only the presentation processes to potential clients, but also a more robust and impactful documentation and framework templates.

How did you select this vendor and what were the deciding factors?

We selected crafted compliance due to the fact that they were able to provide the update documentation we requested, but also provided additional guidance on which frameworks would work best for specific clients, and how to utilize their template builds to output a strong professional presence.

Describe the project in detail and walk through the stages of the project.

We requested updated templates for several Risk Management frameworks, the NIST 800-53, CSF, and a simple 15 question questionnaire that we can provide to smaller IT shops.

We were presented with 2-3 option variations on an intake sheet to track, with variable outcome results tab to show status, input recommendations on how to lower risk footprint, and then populate out to dashboard for "at a glance" review and analysis of current Risk standing.

The end resulting templates and document outputs are easy to understand, use, and translates well for introductory stance to IT and IT risk processing that we were wanting to break into the market with.

How many resources from the vendor's team worked with you, and what were their positions?

Steve Strater, the Director was our chief point of contact. He provided a single point of contact that kept the process flowing and answered all our questions regarding timeline, expectations, and final products.

Can you share any outcomes from the project that demonstrate progress or success?

The provided templates in a few proposals to prospective clients have attracted more interest in the Risk Management practices of our organization, as well as demonstrations of the process net a lean 20% reduction that helps streamline the entire artifact collection, interview, and assessment process.

How effective was the workflow between your team and theirs?

Everything was smooth and without issues. Communications were done via phone call, chat messaging, or video chat when they demonstrated the various template proposals.

What did you find most impressive or unique about this company?

I appreciated the time they invested in to learning about my business, our newness into the industry, and that the documents will be translated into another language for end use. The attentiveness and in-depth questioning were greatly appreciative of what our end goal objectives were.

Are there any areas for improvement or something they could have done differently?

Not at this time. We do have an evaluation period of end use product still to evaluate, and if any improvements or changes are identified at that time, we will approach them again and inquire if they are within the "base functional updates" that we have on retainer currently.

Other than that, other changes or additions would be out of scope for the project we did.

Please describe your company and your position there.

I am the owner of a small web design agency

For what projects/services did your company hire Crafted Compliance, Inc.?

Crafted Compliance performed several services for our firm including a NIST/ISO Gap Assessment, Penetration Testing, Vulnerability Scanning and a web application test against our servers and networks.

How did you select Crafted Compliance, Inc., and what were the deciding factors?

We interviewed several firms and felt that Crafted Compliance was the most qualified and seemed to best understand our environment, goals and objectives.  Their team was compassionate, knowledgeable, and quick to respond to our requests. Their pricing was fair and fit our budget. We were confident we had found the right firm.

Describe the project in detail and walk through the stages of the project.

Due to the nature of the project, and as to not breach our NDA, we won't share specifics.  However, Crafted was comprehensive and multi-faceted in their approach and methodology.  We met with Crafted regularly throughout the project from the initial scoping calls through to delivery.  The final reports were detailed yet easy to understand and of great value to our organization as they used a no-nonsense risk-based approach to clearly outline a road map of what we needed to do and how we needed to do it.

How many resources from the Crafted Compliance, Inc.'s team worked with you, and what were their positions?

We collaborated with our assigned resources were available to us when we needed them, and we had regularly scheduled progress calls.  Our project team consisted of a technical PM, compliance lead and an ethical hacker.

Can you share any outcomes from the project that demonstrate progress or success?

We are extremenly pleased with Crafted's approach and the results achieved.  Their team was professional and easy to work with, exceeded our expectations and delivered on time.  We are very happy with the outcome of our engagement.

How effective was the workflow between your team and theirs?

Seamless. Their team was always quick to respond to our requests and proactive in communicating with us during our engagement.

What did you find most impressive or unique about this company?

We loved their professionalism, depth of knowledge, creative approach, and easy communication style.  They were genuinely interested in achieving results and helping our company from a global perspective and felt like more of a partner than vendor.

Are there any areas for improvement or something they could have done differently?

We didn't run into any issues and were very pleased with the entire interaction.