Information Security Experts

FRSecure™ is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

Information security is not one-size-fits-all, as others would lead you to believe. FRSecure works hard to assess your most significant vulnerabilities (information security assessment), put a plan together for managing those risks (information security roadmap), and help you execute that plan (information security program development).

What makes FRSecure different?

FRSecure Methodology – FRSecure has developed a proprietary approach to assessing information security risks. It’s more than a checklist of questions and recorded answers. Get a full picture of your risks – prioritized and rated – with recommended solutions, so you know which investments will have the greatest impact.

FRSecure Project Leaders – Our project leaders possess years of real-world information security experience assessing and building security programs from the Fortune 100 to SMBs.

Full Transparency – FRSecure strongly believes in empowering our customers. The more knowledge transfer that occurs during our engagement, the more value our customers recognize. FRSecure fully discloses the methods, tools, and configurations used to perform analysis work for our customers, so that they can easily adopt our processes for their benefit.

Product Agnostic, On Purpose – FRSecure does not represent any third-party products or services. Our recommendations stand on their own, with no ulterior motive to sell you other things.

 
$5,000+
Undisclosed
50 - 249
Founded 2008
Headquarters: Minnetonka, MN
  • FRSecure
    5909 Baker Road, Suite 500
    Minnetonka, MN 55345
    United States

Reviews


Cybersecurity Audit for Shoe Retail

"They were easy to get a hold of for questions and great at communicating with us."

Quality: 5.0
Schedule: 5.0
Cost: 4.0
Willing to refer: 5.0
The Project
 
$10,000 to $49,999
 
Mar. - Apr. 2018
Project summary: 

After a thorough discovery and interview phase, FRSecure delivered an in-depth cybersecurity audit and provided best-practice policies.

The Reviewer
 
201-500 Employees
 
Maple Grove, MN
Mike Schuler
President, Schuler Shoes
 
Verified
The Review
Feedback summary: 

FRSecure's reports indicated several significant external threats and advised secure solutions against them. Their expertise in their field, amiable approach and autonomous workflow allowed for a smooth engagement.

BACKGROUND

Introduce your business and what you do there.

I am the president of Schuler Shoes, a retail store company with nine locations in the Minneapolis St. Paul area and an online presence. We’ve been around for 125 years.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with FRSecure?

We needed a technology specialist to create a roadmap to identify the information security threats we are exposed to as well as ways to approach them in order of priority based on the risk of the threat and related to our business needs.

SOLUTION

What was the scope of their involvement?

FRSecure started off with a general collection of data over the phone and sent us some documents to allow access to our security systems. Then, they walked us through the scope of the work.

For the main portion of the project, they came onsite and asked us questions to understand our company and its requirements. Then, their team did some offsite work, scanning our security for vulnerabilities. Using the gathered research, they prepared a 200-page report highlighting our strong points and places that needed improvement. They also provided a checklist in Excel showcasing the security and functions that we could improve, which they took us through step by step. Finally, FRSecure created security policies to help guide and direct our IT team from a policy and HR standpoint.

What is the team composition?

We had an initial sales contact, and then once we signed on, we were assigned a project manager. We were also provided two technical specialists that helped us with the onsite work.

How did you come to work with FRSecure?

A previous employee of ours introduced us to FRSecure. We liked that they were local and understood our business a little—even before we hired them.

How much have you invested with them?

We invested $17,000 in total.

What is the status of this engagement?

We worked with them in March 2018 and ended the engagement in April 2018.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

It is a little early to measure results. However, through security scans they did, we found ways to secure against external threats and hackers. The policies they created for internet use, computer use, and device use from home also secured our systems.

FRSecure's expertise, in general, has been very useful for us and they found technical solutions that we wouldn’t have known about. The results are still coming in, but so far it's already been worth the time and money we've spent.

How did FRSecure perform from a project management standpoint?

They were easy to get a hold of for questions and great at communicating with us. They worked autonomously and made the process easy.

What did you find most impressive about them?

FRSecure have a lot of experience, knowledge, and understanding of the landscape. They have a lot of clients who have more regulatory requirements such as health care providers, and we could tell they were professionals. They were very friendly and always polite with their suggestions. Their team was always trying to improve our business.

Are there any areas they could improve?

The process relied heavily on the interviews and that took a long amount of time. Smaller companies, like us, would benefit from maybe a more miniature version of the discovery process to save some time and money. However, overall, they did an excellent job. 

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 4.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Cybersecurity Audits and Training for Printing Firm

"The higher level of security we’ve achieved with their guidance has allowed our business to grow immensely."

Quality: 5.0
Schedule: 4.5
Cost: 4.0
Willing to refer: 5.0
The Project
 
$50,000 to $199,999
 
Mar. 2012 - Ongoing
Project summary: 

FRSecure provides a variety of cybersecurity services, including security and payment card industry (PCI) auditing and recommendations. They also train employees on security policies and procedures.

The Reviewer
 
201-500 Employees
 
United States
Security Administrator, Premier Printing Company
 
Verified
The Review
Feedback summary: 

FRSecure’s recommendations have resulted in a level one PCI certification, which is the highest level of certification a company can achieve. Their highly personalized recommendations and services have resulted in heightened security and continual growth in business.

BACKGROUND

Introduce your business and what you do there.

I’m the security administrator at a high-end printing company. We do printing primarily for fashion retail, financial, and healthcare industries.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with FRSecure?

We have access to a lot of our customers’ secure and sensitive data in order to print catalogs with their clients’ mailing addresses and send them out. As such, we need to have a strong security system to protect that data. Ours was a bit scattered and weak when I was hired, so I was looking to revamp our security policies and procedures, particularly involving security audits. FRSecure provided their expertise to guide that process.

SOLUTION

What was the scope of their involvement?

Security auditing is one of the largest aspects of FRSecure’s work with us. It assures our customers that we are as secure as we claim to be and they can trust us with their data. Every two years, they do a comprehensive two-day audit of administrative, technical and physical security systems. I provide them with documentation of our security procedures, as well as other evidence I can offer to prove we’re doing everything we can to protect our customers’ internal data. 

After they’ve completed the audit, they deliver a graded report with recommendations on what we can do to improve. That recommendation is extremely important to us because it helps us prioritize the issues that need to be addressed.

Beyond audits, FRSecure has advised on a lot of our security policies and procedures. They’ve designed some of the security awareness and incident response training we send out to our employees. They’ve also come on site and given live training to our employees. 

Another large part of our partnership is their assistance on our payment card industry (PCI) certification. To collect credit card data, our credit card data security system has to be audited and pass the PCI certification. PCI council allowed FRSecure to be our PCI auditor which has been greatly helpful because they know our system so well. With their recommendations and assistance, we’ve been able to pass our PCI certification for the last three years. 

What is the team composition? 

In the early days of our partnership, we worked closely with FRSecure’s CEO and founder, Evan Francen. As the company grew and Evan took on more responsibilities, we began working with our own security advisor and project manager from their team. We also work with a variety of additional people from their team depending on the project. Currently, we’re working closely with about five people from their team.

How did you come to work with FRSecure?

One of the sales reps cold-called us to offer their services. After doing a bit of research on them and meeting with Evan, we decided to move forward with them.

What is the status of this engagement?

We began working with them in 2012. Currently, we work with them on a monthly retainer basis.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

Thanks to FRSecure’s PCI audits and recommendations, we’ve earned a level one PCI certification, which is the highest level you can achieve. 

The higher level of security we’ve achieved with their guidance has allowed our business to grow immensely. Clients trust us with their sensitive data and that wouldn’t be possible without FRSecure’s services.

How did FRSecure perform from a project management standpoint?

We’re very happy with their performance. They remain available to us whenever we want to communicate, whether it’s about current projects or any security incident we have to respond to. We primarily use email and phone to communicate with them.

What did you find most impressive about them?

They’re extremely personable. I know their staff on a first-name basis. Despite them being a growing business, I still feel like I’m working with smaller, personalized security consultants. I never feel like I’m bothering or burdening them when I reach out. They’re always available and willing to help.

Are there any areas they could improve?

This isn’t an area for improvement, but I would suggest that they make sure to maintain the small, personalized feeling of their firm despite its growing clientele. I think it’s what distinguishes them.

5.0
Overall Score
  • 4.5 Scheduling
    ON TIME / DEADLINES
    They’ve done an excellent job on scheduling.
  • 4.0 Cost
    Value / within estimates
    They’ve been flexible with us, but there’s always room for improvement.
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

IT Security Assessment for Supermarket Chain

"They used a comprehensive methodology that produced a comprehensive report. I was very pleased and so was my boss."

Quality: 5.0
Schedule: 5.0
Cost: 5.0
Willing to refer: 5.0
The Project
 
$10,000 to $49,999
 
Dec. 2017 - Feb. 2018
Project summary: 

FRSecure conducted an internal and external risk assessment of a grocery chain’s e-commerce platform. The assessment included an on-site visit to evaluate security policies and physical controls.

The Reviewer
 
5,001-10,000 Employees
 
Minnesota
Senior IT Security Analyst, Grocery Chain
 
Verified
The Review
Feedback summary: 

FRSecure produced a comprehensive and easily understood report that identified key areas for security improvement. The team’s common sense and intuitive approach stood out, and helped to solidify a long-term relationship.

BACKGROUND

Introduce your business and what you do there.

I am the senior IT security analyst for a regional grocery store chain in the upper Midwest.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with FRSecure?

I am a staff of one and we do not have a lot of funds to dedicate to security initiatives. In order to get a better handle on threats, I realized we needed to reach out to a company that had an excellent history of conducting risk assessments and was competitive in the market space. Specifically, we needed someone to look at our e-commerce platform and assess its internal and external risks.

SOLUTION

What was the scope of their involvement?

FRSecure had a unique proprietary risk assessment methodology that started with a basic scope review. They then moved onto a technical phase by taking a look at our network diagrams and policies while scanning for vulnerabilities.

Next, they conducted a two-day onsite visit. The first day, they focused on our administrative controls by interviewing key stakeholders involved in the management of the e-commerce platform. The second day, they focused on our physical security—administrative and physical controls, etc.—and then provided a very comprehensive report. The report included a basic executive summary for middle management and a technical overview that identified exactly what we need to fix.

They used a comprehensive methodology that produced a comprehensive report. I was very pleased and so was my boss.

What is the team composition?

I worked with one individual from FRSecure on the project.

How did you come to work with FRSecure?

The store has a business relationship with them going back a few years, so we knew they were a proven commodity we could trust. The relationship was established before my time, but I was aware of them as well and knew they were a great company.

How much have you invested with them?

It was very economical—approximately $13,000.

What is the status of this engagement?

We began working with FRSecure in December 2017, and we concluded with the onsite visits in February 2018.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

An interesting aspect of their methodology is that their metric reports correspond to credit report ratings so that people are innately familiar with it. Like credit scores, FRSecure’s scores go from 300 to 800, and we did outstanding overall. There were some findings, however, and we are using their recommendations to actively remedy some technical aspects of our security and add to our administrative policies.

How did FRSecure perform from a project management standpoint?

We had no problem at all with project management. We mostly communicated over email and phone, while collaborative work was done through their own communications application.

What did you find most impressive about them?

FRSecure has a very common sense approach to risk assessment. Most other companies get carried away with grandiosity and make things too complicated. FRSecure’s approach is very intuitive. Take for example their application of credit score ratings; the information is presented in a way that makes it easy for key stakeholders to understand without needing a long explanation process.

Are there any areas they could improve?

I don’t have any recommendations for improvements. They just need to keep doing what they are doing.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 5.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Penetration Testing for Law Firm

“They’re incredibly knowledgeable, very helpful, and willing to answer anything.”

Quality: 5.0
Schedule: 5.0
Cost: 5.0
Willing to refer: 5.0
The Project
 
Less than $10,000
 
June 2017
Project summary: 

FRSecure provides annual penetration testing to ensure compliance with strict regulations. Once testing is complete, they deliver an extensive written report with recommendations to improve system security.

The Reviewer
 
11-50 Employees
 
Dickinson, North Dakota
Blake Markegard
Financial Manager, Mackoff Kellogg Law Firm
 
Verified
The Review
Feedback summary: 

FRSecure offers a valuable service with a professional approach. Facilitating a smooth process, they complete testing within a week and don’t require website downtime to do so. The testing report is thorough but comprehensible. Deadlines and project goals were safely met.

BACKGROUND

Introduce your business and what you do there.

I’m a financial manager at Mackoff Kellogg Law Firm. We’re a traditional law firm, but also provide legal services to major banks across the country.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with FRSecure?

Our bank clients require us to do penetration testing to ensure our system is secure. We reached out to FRSecure to provide this service.

SOLUTION

What was the scope of their involvement?

They currently only do penetration testing for us, but that could change at any moment with our requirements. The actual testing lasted about a week. Afterwards, they gave us a comprehensive report with suggestions on how to further protect our data. We're definitely open to utilizing them for additional services in future.

What is the team composition?

I communicated with a main point of contact and worked directly with one tester as well. However, two or three testers worked on the project.

How did you come to work with FRSecure?

We considered several companies, but FRSecure was recommended to us by our IT vendor. Considering the cost and a couple of other factors, we felt they were the best fit for our company.

How much have you invested with them?

We’ve spent $4,500.

What is the status of this engagement?

We started working with them in June 2017 and the relationship is ongoing.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

FRSecure’s services help us maintain compliance with our major banking clients. The process was smooth and painless. We’re very happy with the quality they provide.

How did FRSecure perform from a project management standpoint?

They respond to questions via email on the same day. They’re prompt and the process was everything I could have wanted. We met every deadline set in the project timeline.

What did you find most impressive about them?

Their responsiveness and expertise are noteworthy. There was no downtime on our end, so we didn’t notice when it was happening. They made it an easy process for us.

Are there any areas they could improve?

I don’t have any complaints about what they did for us.

Do you have any advice for potential customers?

I’d recommend customers ask lots of questions. They’re incredibly knowledgeable, very helpful, and willing to answer anything.

5.0
Overall Score
Every aspect of the experience was great.
  • 5.0 Scheduling
    ON TIME / DEADLINES
    No issues at all with timelines.
  • 5.0 Cost
    Value / within estimates
    It’s an expensive process but a good value for what they did.
  • 5.0 Quality
    Service & deliverables
    The report was easy to read but still comprehensive.
  • 5.0 NPS
    Willing to refer
    I’d recommend them to anybody looking to complete a similar project.

Annual Penetration Testing for Asset Management Firm

"Putting in place new security measures and seeing the score change has really given us a lot more confidence."

Quality: 5.0
Schedule: 5.0
Cost: 5.0
Willing to refer: 5.0
The Project
 
Less than $10,000
 
July 2015 - Ongoing
Project summary: 

FRSecure performs annual penetration tests to determine the security of an investment firm’s systems and information. Reporting and analytics round out the engagement.

The Reviewer
 
11-50 Employees
 
Minneapolis, MN
Jodi Halbert
CCO, Tealwood Asset Management
 
Verified
The Review
Feedback summary: 

Investor confidence increases in direct correlation to following FRSecure’s recommendations and improving test results. The team's patience, responsiveness, and ability to communicate difficult technological concepts in an easily understood way are hallmarks of the engagement.

BACKGROUND

Introduce your business and what you do there.

I'm the chief compliance officer and chief technology officer for an investment adviser. We manage individual accounts and invest our clients in stocks and bonds.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with FRSecure?

We were looking for a company to provide a double check of what we’ve done to secure our clients’ information. We wanted to find out if we’re doing the things that we should be in order to protect them and if there are areas where we need to improve.

SOLUTION

What was the scope of their involvement?

They perform an annual penetration test by attempting to access our system to see where there might be holes and vulnerabilities. They also do a scan of what’s out there in social media or on our website that may give people information that could be dangerous. The test itself takes place over one night and then FRSecure runs the results through their scoring system. About three weeks later we have a conference call where they give us a full report along with their recommendations for any changes we should make.

What is the team composition?

The team is about four people and we have one main contact.

How did you come to work with FRSecure?

I was introduced to them when they spoke at a compliance roundtable. I called and talked to them and liked what they had to offer.

How much have you invested with them?

The initial test was more but now we spend around $1500 each year.

What is the status of this engagement?

We started in 2015 so this will be our third year running the test in July.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

There were a number of suggestions for steps to take after the initial test in 2015. We followed their recommendations and it significantly changed our score. The tester actually said he had to double check to make sure he was looking at the same company because the score changed so dramatically.

Putting in place new security measures and seeing the score change has really given us a lot more confidence in our IT provider. It also comforts our clients when they learn of the steps that we’re taking to protect their information.

How did FRSecure perform from a project management standpoint?

I never have any issues with communication. They’re always available to answer any questions, even when I have follow-up questions after getting the report. The test requires very little hands-on time on our end, which makes it painless.

What did you find most impressive about them?

I really like the report that they provide because they really break everything down. That level of detail makes me feel that they looked into things carefully and are there to help us do better.

Are there any areas they could improve?

No.

Do you have any advice for potential customers?

Take time to analyze the report and ask questions. Having them break down the technical jargon and discuss it in layman's terms is really important and really helpful.

5.0
Overall Score
I’m really happy to have found them.
  • 5.0 Scheduling
    ON TIME / DEADLINES
    I never had to wait for anything.
  • 5.0 Cost
    Value / within estimates
    They're very reasonably priced for what they do.
  • 5.0 Quality
    Service & deliverables
    Their work is very detailed and thorough.
  • 5.0 NPS
    Willing to refer
    I've already recommended them a couple of times.

Cybersecurity Audit for Actuarial Consulting Firm

"They’ve been there every step of the way and done everything as we agreed."

Quality: 5.0
Schedule: 5.0
Cost: 4.0
Willing to refer: 5.0
The Project
 
Confidential
 
Jan. 2017 - Ongoing
Project summary: 

FRSecure is conducting a SOC 2 audit to ensure data security. The process involves remote and on-site examination of both digital assets and physical conditions. 

The Reviewer
 
11-50 Employees
 
Minneapolis, Minnesota
Tony Urdahl
Founder, Hildi, Inc.
 
Verified
The Review
Feedback summary: 

FRSecure identified several points of weakness and suggested concrete resolutions. Testing is thorough and communication consistent regardless of circumstances. 

BACKGROUND

Introduce your business and what you do there.

We’re a small actuarial consulting firm with 11 employees.

OPPORTUNITY / CHALLENGE

What challenges were you trying to address with FRSecure?

We had a client that was worried about their data, so we were basically required to do a SOC 2 (Service Organization Controls) audit if we wanted to keep them as a client. This was the first time we interacted with a cybersecurity company in this way.

SOLUTION

What was the scope of their involvement?

Everything’s been related to a SOC 2 audit. We’ve done two to three different engagements with them related to that. A lot of firms are requiring their partners and vendors to go through a SOC 2 audit. It basically makes sure we have the processes and procedures to minimize risks of a cybersecurity breach. We hold a lot of their data, and they want to ensure we’re secure. That’s where FRSecure came in.

A SOC 2 audit entails getting all your systems up to snuff, and then an auditor comes in to confirm we’ve done it right. We’re at the stage right now where FRSecure is helping us get ready for this audit. We’ll have the auditor come in very soon, and we’re hoping we pass. We’re setting up lots and lots of policies. For example, if you have a new employee come in, we have a policy that defines the steps IT needs to take.

They look at our server to make sure it has all the up-to-date stuff, so the client can’t get hit. We have to make sure we lock our file rooms and don’t leave stuff at our desks, all the various things that would increase the chances of Social Security numbers being released to the wrong people. It’s the whole process; setting up all the policies, and then other processes, and working with our internal IT guy to make sure we’re doing the most up-to-date stuff.

We had one on-site meeting, but otherwise, it’s all done remotely. It’s nice to have that option. FRSecure delivers reports and action items as they go along. They’ve given us samples to work with, so we start with those and modify them to meet our firm’s specifics. They’ve been very knowledgeable, and they’ve had a lot of good tools that allow us to work with what they’ve given us and to update.

How did you come to work with FRSecure?

I looked up local auditors who do SOC 2 audits, and they’re the ones who actually referred us to FRSecure. The auditors had worked with them many times and said it’s gone well. They’re a smaller company close to us, so it just made a lot of sense. They were the only company we interviewed.

What is the status of this engagement?

We’ve been working together for almost a year. It’s been taking us a long time, and I’m still not done. That’s not due to anything FRSecure has done, we’re just busy at work. I have to update a few more policies and get that ready for the auditor.

RESULTS & FEEDBACK

Could you share any evidence that would demonstrate the productivity, quality of work, or the impact of the engagement?

We’ve made a lot of changes. We’ve set up all these policies, and now we’ve been having regular IT meetings internally. We’ve had meetings with employees to talk about security. We’ve locked our server room so no one can just walk in and do what they want. We’ve changed configurations on the server based on what FRSecure has told us. We’ve changed how we’re sending data back and forth with clients. Basically, we’ve changed most everything in the overall data process.

We’ve hired them to do penetration testing. They try to attack our server to see if there are any holes in it. They do those monthly. There have been a few things we’ve changed due to these tests, which has been good. They’ve also given us some ideas on disaster recovery and business continuity. We’re still in the process of working on that right now, but they’ve definitely given us some good tools to update that.

How did FRSecure perform from a project management standpoint?

A lot of our communication is by email, but we also have scheduled meetings. We all get on and do a live webcast so they can see what we’re doing. We’re showing them everything we’re setting up, asking questions, and getting ready for this audit. That’s really what we hired them to do, get us ready to pass the audit. If I could spend a couple hours working on this stuff, I think we’ll be ready for the audit. I’ve met with the auditor once, and there were a couple things we still had to do, so we’re very close.

What did you find most impressive about FRSecure?

I didn’t know what to expect. Trying to change all your processes is not fun and not our business. It’s kind of been a pain, but not because of them. We’re realizing that we’re so far behind the times. It’s been good to talk with them, and they’re helping us get into the 21st century and be more prepared.

Are there any areas FRSecure could improve?

I can’t think of anything. They’ve done what we asked them to do. They’ve been there every step of the way and done everything as we agreed.

Do you have any tips for potential clients?

I would tell them that it’s going to take longer than they think, and it’s much more involved than they think. They’re going to have to devote someone to spend a lot of time. I’m not sure I would tell them to react any differently regarding FRSecure. I would just warn them as to what’s really involved. For a small business, it takes a lot of time away from doing your real business.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 4.0 Cost
    Value / within estimates
    They’re not cheap, but I see the value in it.
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Early Stage Cybersecurity Services for Healthcare Tech Startup

"They were very flexible and understood our situation, especially as a startup."

Quality: 5.0
Schedule: 5.0
Cost: 5.0
Willing to refer: 5.0
The Project
 
$10,000 to $49,999
 
May 2015 - Ongoing
Project summary: 

FRSecure advises on cybersecurity measures to ensure HIPAA and PCI compliance, providing strategic recommendations for web development initiatives and fixes and conducting platform pen testing. 

The Reviewer
 
1-10 Employees
 
Minneapolis, Minnesota
President, Trailhead Health
 
Verified
The Review
Feedback summary: 

Thanks to FRSecure’s detailed understanding of both technical requirements and healthcare regulations, the complex site has maintained impeccable compliance and reliable performance. FRSecure’s responsiveness, customer-focused attitude, and robust audit processes continue to promote stability.

BACKGROUND

Introduce your business and what you do there.

I’m the president of a health care online platform that brings together integrative holistic therapies. We educate consumers about their healthcare options and connect those consumers with local practitioners of each specialty.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with FRSecure?

We decided to approach FRSecure earlier than most companies would have. Many companies call them when they have issues or are in need of urgent consultancy. We called them as a startup because we needed a good HIPAA-compliance consultant from the beginning. We wanted to make sure that we built our website correctly and didn’t have to be reactive to something we didn’t build correctly, which can be very expensive and takes a lot of time. We were interested first in their HIPAA compliance knowledge and then PCI [payment card industry] compliance. We also wanted them to test what we’ve built via penetration to make sure that it’s sound. 

SOLUTION

What was the scope of their involvement?

We started building this website from scratch. We built it internally with our IT people, and FRSecure definitely consulted with us on how to build it. Once we made certain pieces, we would circle back with them for tweaks so that the finished product would be extremely secure and built the right way. For PCI compliance—which is needed for any website that's going to be collecting credit card information—they made sure that we had a secure payment gateway that was integrated correctly within our site. They also helped us on the policy side of things by explaining rules and regulations and making sure that we knew exactly what to expect from a compliance standpoint. They promoted a secure environment as we were building the website, rather than waiting until the end.

The team from FRSecure included a handful of really great guys. John [VP of Operations, FRSecure] was our first point of contact. Then, John and Steve [Senior Sales Consultant, FRSecure] helped us understand the scope based on our needs and directed us to the right people within the team. Ryan [Solutions Engineer, FRSecure] and Tim [Information Assurance Analyst, FRSecure] were incredibly knowledgeable and really bright guys. They can talk the techie lingo but are able to explain it in a way that non-techie people can understand. We also had an account manager who would set up meetings and sit in to understand what we’re about, what we’re trying to do, and facilitate our needs there. Now, we’re working with Derek [Security Consultant, FRSecure]. He's been responsive and really helped us understand what we're doing as well.

How did you come to work with FRSecure?

We did our own research online, starting with Minnesota and spreading as far as California. We looked at 15 companies. We came across FRSecure’s website fairly quickly and definitely were impressed in the first go-round. We really liked their website and message, and they seemed very professional from the start. From there, we talked to John and got a very good first impression, so we went with FRSecure.

How much have you invested with FRSecure?

Over the last 3 years, we’ve spent around $15,000–$20,000, probably closer to $15,000. They will continue working with us throughout the rest of this year. We’re going to be rolling out some new features to our website to support patient-to-practitioner messaging, which has to be HIPAA-compliant as well. If somebody talks about having a certain disease or condition, you've got to follow that HIPAA compliance protocol. We plan to double our budget over the next year, spending close to $30,000 by 2018.

What is the status of this engagement?

We started working with FRSecure almost 3 years ago. The platform is live. We launched trailheadhealth.com in December or January of this year. As with any complex website, you're going to have bugs that you can only learn about later. Once we launched, we made changes and talked with FRSecure to make sure that our tweaks are still in line with our security priorities. They have also done audits since the launch, and we explored some penetration testing, which went well. They reviewed the entire structure of our business and have been very helpful. 

RESULTS & FEEDBACK

Could you share any evidence that would demonstrate the productivity, quality of work, or impact of the engagement?

They are really knowledgeable. They took pieces of our complex site and pieces of ever-changing HIPAA compliance and made the requirements easy to understand. We’ve had the same group since day 1, and they’ve only brought in new experts as needed. That's always comforting as a business owner: when you have a point of contact, you don't want to be moved around to a bunch of different people and have to reintroduce your concept. This team stuck with us for the 3 years without any turnover. I think that speaks a lot to their business as well. Our IT guy loves working with them, too. We’ve had a great experience.

How did FRSecure perform from a project management standpoint?

They map and scope the audits, and they give us a heads-up about how many hours a project will take. They help us understand the timelines and the costs very well. They delivered reports and gave presentations on-site about things we need to do. They were great. They can work with us in any facet. They're so flexible; we do phone calls, send emails, and have screen-share presentations. We didn’t really use a specific portal for tickets.

We like working with them, so we would drive out to their location, which is about 40 minutes from our office. They’ve moved a little bit closer, so sometimes we see them in person, which is convenient for us. They’ve shown that they can work with businesses on any level.

What did you find most impressive about FRSecure?

They treat their customers with tremendous respect. Not everybody treats us that way. For building this website, we worked with a number of contractors and businesses. FRSecure was the only company that wasn't nickel-and-diming our business for each minute spent. They were very flexible and understood our situation, especially as a startup. They devoted the time to learn about our project and its direction. They weren't just focused on invoicing me as quickly as possible. When they moved offices, we had no hiccups at all. It was a seamless transition.

Are there any areas FRSecure could improve?

I don't know that I could identify any right now. They've done a fantastic job.

What tips or recommendations could you share that might increase the likelihood of success with FRSecure?

HIPAA compliance is a difficult topic, and it’s always changing. I would have started working with FRSecure even sooner. I always want to maintain control, but we really need experts for things like HIPAA compliance, PCI compliance, and security. With all of the hacking and security breaches going on, we need a good organization that has our back. FRSecure has had our back from the start. 

  • 5.0 Overall Score
    They’re professional and responsive and put their customers first. They hire talented people, and I think they just do a fantastic job recruiting. They find people who are not only experts but also have personality. That’s hard to find in IT these days.
  • 5.0 Scheduling
    ON TIME / DEADLINES
    We have no issues.
  • 5.0 Cost
    Value / within estimates
    They have the flexibility to work with us as a startup, knowing that we had a limited budget for 6–9 months.
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer
    Without a doubt, I'll always recommend and trust them for our website going forward.

Cybersecurity Audit & Presentation for Regional Bank

"We have a partnership that I rely on continually."

Quality: 5.0
Schedule: 5.0
Cost: 4.5
Willing to refer: 5.0
The Project
 
$10,000 to $49,999
 
2015 - May 2017
Project summary: 

FRSecure conducted annual social engineering and cybersecurity audits for risk assessment and compliance, providing detailed action items and presenting their findings to both IT and executive personnel.

The Reviewer
 
51-200 Employees
 
Bloomington, Minnesota
VP, Technology
 
Verified
The Review
Feedback summary: 

Each robust assessment pinpointed diverse vulnerabilities and promoted timely resolutions, thanks to FRSecure’s clear recommendations. The team’s integrity, transparent documentation, and adherence to aggressive timelines inspired mutual trust and respect.

BACKGROUND

Introduce your business and what you do there.

I’m the vice president of technology and services at a regional bank with 6 branches and about $1.3 billion in assets. We have a high concentration of commercial real estate and focus on the commercial side of banking. My responsibilities include managing the infrastructure, help desk, security, and systems of the bank.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with FRSecure?

We’re required to do an audit every year. We change auditors every 2 years. For the past 6 years prior to working with FRSecure, we approached the audits through the audit companies exclusively. But, this time, due to cybersecurity risks, we wanted to look at the audit from more of an IT security framework versus just the compliance side of those controls. That’s why we chose FRSecure.

SOLUTION

What was the scope of their involvement?

They’ve done 3 audits for me—a social engineering audit and 2 IT audits for 2 different years. On the social engineering side, we were doing an internal phishing and calling scam to see how many of our employees would click on the link or answer the phone call by sharing some private information. The IT audit addressed 4 categories: penetration testing, vulnerability assessments, IT general controls and governance, and physical security.

The reports that they delivered at the conclusion of these audits resulted in action items, especially for the first year. The second audit report identified new threats. That was my expectation because we had satisfied the original items, as verified through this second audit. These new steps were designed to take us to the next level in the maturity model for security.

For both years, different analysts came in, but I was still able to ask the analyst questions. I had a project manager that was my single point of contact for each year, which helped make it more efficient on my side.

How did you come to work with FRSecure?

At the time, I had sent out an RFP. Five companies responded, including FRSecure. The deciding factors were the clarity and accuracy of their response to the RFP, experience level, presentation of documentation, and price point. FRSecure had the best answers and options. I did the social engineering audit almost as a test for their company to see how they handle even just a regular IT project. It was a good small scope to begin our relationship with.

How much have you invested with FRSecure?

For both years, we spent between $17,000–$20,000.

What is the status of this engagement?

I originally sent the RFP in 2015. The social engineering audit was done within the first year, prior to the IT audits. Both IT audits were done over 2 consecutive years. We added the FFIEC [Federal Financial Institutions Examination Council] portion to the last IT audit. 

RESULTS & FEEDBACK

Could you share any evidence that would demonstrate the productivity, quality of work, or impact of the engagement?

I really liked FRSecure because they gave priority to the action items. They put them into 2 formats: a technical list for the IT side, and the same information in a different way for the executive summary and the board. Having the same information in 2 different formats was incredibly helpful.

They gave us an estimation for how long the audits would take and delivered a week early. I had an aggressive timeline for the second year, which took out one of the RFPs because they initially knew they wouldn’t be close to finishing on time. Typically, we give anywhere from 5–6 months of request time, but they were able to do it in under 3.

For the first year, they had asked for a list of documents on a secure portal, similar to our FDIC exams. This year, they didn’t ask for them until they were on-site, which was another unique aspect. It was a good addition to the second level of testing as far as maturity for us.

How did FRSecure perform from a project management standpoint?

They helped interpret the reports for us twice. Our RFP stipulated that they give a presentation of the results, which they did both online through WebEx and on the phone. They also give the same talk or a different presentation to the executive committee or board if needed.

On 2 occasions, I reached out to them afterward by call or email to ask general follow-up questions to some of the action items and received great feedback.

What did you find most impressive about FRSecure?

FRSecure, compared to others that I’ve used in the past, offers work that’s more than just security-based; they’re also an information-sharing company. They truly want to make our security better versus offering sales points to advance their business. With other auditing firms, I’d go through an audit and receive a list of action items. Then, the provider would give me a list of charges for completing the items, which made the audit seem less genuine. With FRSecure, I never feel like I’m getting a sales pitch. We have a partnership that I rely on continually. I know they really stand by the results and recommendations of their audits because they’re willing to carry out the actions of what they’re identifying.

Are there any areas FRSecure could improve?

For the action items, I’d love to have some trackable portal that I could log into that isn’t just an Excel spreadsheet, but I can work with that. 

  • 5.0 Overall Score
    Their analysts have amazing knowledge levels and are passionate about their security. They have a really cool approach.
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 4.5 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
    When the audit is easily understandable by members outside of IT, it’s a huge asset for any company. Their format is understood by our board, senior leadership, and different audit and risk committees that have nothing to do with IT.
  • 5.0 NPS
    Willing to refer

FISA Cybersecurity Audit for First National Minnesota Bank

"One of the reasons I prefer them is that they offer very personal instruction and guidance."

Quality: 5.0
Schedule: 5.0
Cost: 5.0
Willing to refer: 5.0
The Project
 
$50,000 to $199,999
 
Jan. 2017 - Ongoing
Project summary: 

FRSecure conducted a comprehensive security audit of a regional bank. Services included digital and physical vulnerability testing, as well as a five-step administrative controls review.

The Reviewer
 
11-50 Employees
 
Mankato, Minnesota
Sr. IS Officer, First National Minnesota Bank
 
Verified
The Review
Feedback summary: 

Based on their findings, FRSecure delivered critical feedback on meeting regulations and optimizing security at all levels of the organization. Their risk mitigation strategies are peerless. Because they are a smaller firm, they can offer more helpful personalized assessments.

BACKGROUND

Introduce your business and what you do there.

First National Bank is a small community bank in the southwest of Minnesota. We are a $200 million bank. I am in charge of the IT department.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with FRSecure?

We originally hired them to do penetration testing and vulnerability testing, physical security testing, and then also an administrative controls test or review. Administrative controls would just be coming in and looking at policies and procedures to make sure how we are maintaining our environment. It is not a technical review, but it is a review of what we do in the technology department and how well we safeguard things from an administrative standpoint. The physical security portion is that they come out to each of our branches and take a look during hours we are not open, just to make sure we leave the bank in a secure manner. It can also follow over to opening hours as well, but they like to see how we leave things, checking to see where the cameras are, and if we locked up.

SOLUTION

What was the scope of their involvement?

We used them two years ago for all of those things, then we switched to somebody else. We have a policy that says we have to switch who we use for that type of service. We have really liked working with FRSecure. We used the other company for a year and now we’ve gone back to them. This year they performed the administrative controls audit and we have not done the physical yet. The rest of the audits are set to be done before the end of the year.

The admin controls audit takes them about a day of interviews with myself, HR, and some with operations. Then they go back and they review policies and write up a report on that. I would say they had a report back to us within one to two weeks.

Because we are a bank, we are heavily regulated and the OCC is who regulates us. They require these vulnerability tests and penetration testing. We need to make sure that we have those done and that we mitigate any risks that are found. I have one person that I work with that is in charge of coordinating all of it, but I can work with a number of different people depending on what is being done. There is one person assigned as your coordinator.

How did you come to work with FRSecure?

We were working with CTS, a company here in Minnesota, and they had FRSecure out to do a security presentation. Evan, one of the owners, spoke at that event. Afterward, there was a chance to talk with him and based on that, we hired him.

How much have you invested with FRSecure?

We are doing a three-year contract with them instead of just a year by year. If you do multiple different types of audits, they give you a discount because of the different amount of audits that you are doing. They also give you a discount if you contract with them for multiple years. The administrative controls audit is actually two different audits. It is a five-step administrative controls review. Then there are the FFIEC additional admin controls. FFIEC is one of the regulators and they put out a guidance for security controls. They go through that and see how we do as it relates to that. So that is something that is really valuable to us because it relates directly to what OCC is going to come in and look at. There are the external and technical controls, which is penetration testing, an internal technical controls assessment, and physical controls review. And all total, based on a three-year contract in doing all five of those type of audits, it is about $22,000 a year. We get a 10% discount for a three-year agreement.

RESULTS & FEEDBACK

Could you share any evidence that would demonstrate the productivity, quality of work, or the impact of the engagement?

At this point, we were really interested in them doing the administrative controls this year because there has been a lot of new guidance coming down from the FFIEC. We are basically going through and rewriting our internal controls or information security program. Their feedback was really good, and they have been able to provide us with some great templates to use for some of the different types of policies we are going to need to write. We’re rewriting our whole program based on the feedback they’ve given us.

They also gave us a framework of how they see the information security program being built and how it would relate to our bank specifically. That has been really helpful. Everything right now is basically risk-based. Having a really good risk assessment is really key to that. I did go up there for a day and spend a day with them going over that and rewriting our risk assessment. Based on that, we’ve been applying the policies for all those risks. They do offer some classes. I know they have one that is specifically for writing policies and procedures. They are really good at what they do.

How did FRSecure perform from a project management standpoint?

We communicate by email and phone whenever I need it. When we were originally doing that assessment, I probably talked to them on the phone every day for about a week with different questions. Then I went up for a day and did our risk assessment. We are getting ready to do the vulnerability assessment and penetration testing.

What did you find most impressive about FRSecure?

In my opinion, one of the reasons I prefer them is that they really offer you very personal instruction and guidance. Some of the other companies that we’ve used are bigger. The last one we used, for instance, was so big. They are not real flexible in what they are going to do. You may want them to do a certain portion of it, but then you want them to do something a little different, but they are not willing to do that. FRSecure wants to make sure that they give you exactly what you need, and that’s the primary reason that I went back to them.

This type of service is unique at this point in time from what I see out there. They are just really helpful. They really want to make sure that the end result is what you wanted. If they are not going to really give you any kind of a benefit, then they really don’t want to work with you. They really want to know that their work is helpful to you. They have a great group of people to work with them. Some of the people that I worked with on the administrative controls are people that were previously working at a bank in the technology department, that were in charge of those types of things. They really first hand, not just the security side, but also the banking side which is awesome.

Are there any areas FRSecure could improve?

I can’t think of any. I have been very satisfied.

What tips or recommendations could you share that might increase the likelihood of success with FRSecure?

I guess just read everything that you can get your hands on. There is just so much out there, but a company like FRSecure is certainly going to help you with what’s specific for your area. Read everything you can.

  • 5.0 Overall Score
    I really like to work with them.
  • 5.0 Scheduling
    ON TIME / DEADLINES
    I had to reschedule a couple of different things during that timeframe and they were really great to work with. It never caused them a problem. They were always willing to do it and get the job done.
  • 5.0 Cost
    Value / within estimates
    I think if you look out there, you are going to find some that are more expensive. You may find some that are cheaper, but value for the money is very, very good.
  • 5.0 Quality
    Service & deliverables
    It was a great format that was very easy to use. I have to report everything to the board as well, so it is very easy to transfer that into a report for the board.
  • 5.0 NPS
    Willing to refer
    Absolutely.

Phishing Simulation for Medical Imaging Company

"Having a fresh set of eyes from someone not familiar with the company really brought some new insight to things."

Quality: 4.5
Schedule: 5.0
Cost: 4.0
Willing to refer: 5.0
The Project
 
Less than $10,000
 
Jan. 2017 - Ongoing
Project summary: 

FRSecure sent targeted, false emails to measure how susceptible employees were to phishing attacks. The process involved building fake landing pages for employees to enter their information into.

The Reviewer
 
201-500 Employees
 
Franklin, Minnesota
Information Security Specialist
 
Verified
The Review
Feedback summary: 

FRSecure successfully completed the task as assigned, and they delivered strong analytics after the fact. The team communicated efficiently throughout the project and were genuinely motivated to improve security. 

BACKGROUND

Introduce your business and what you do there.

I am the information security specialist at a medical technology company. I handle anything related to information security. I write policies and arrange for work with IT vendors, such as FRSecure. I’m in charge of administering everything about the security program, with the exception of the firewalls. The company does medical imaging, so MRIs, CT scans, mammograms, bone density scans. We have facilities to do anything that involves scanning inside the human body.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with FRSecure?

I was looking to do a phishing engagement, which is where we contracted them to send out a bunch of fake emails to our company. We wanted to determine how susceptible we’d be to someone trying to compromise our information by sending fake emails to employees.

SOLUTION

What was the scope of their involvement?

They assigned an analyst to our account, because they had to create a web page, landing page. They had to create the email templates and different fake domains to make it look like it was coming from us internally. They probably automated the actual email sending process. We already knew exactly what we wanted when we approached them.

The results came back pretty negative for our company, which was to be expected because we had done malware awareness training prior to that. Because of the results we got, we were able to get approval to launch a training platform for additional training on internet-based security. We started rolling that out to management and started doing test emails of our own through that platform to continually drill employees and get awareness going. It was a one-time deal, but I may contact them for another engagement where they would pretend to be Touchstone employees, and see how far they can infiltrate a facility or something similar.

How did you come to work with FRSecure?

FRSecure came very highly recommended online, so we didn’t consider other companies.

How much have you invested with FRSecure?

I believe it was about $6,000.

What is the status of this engagement?

We started it in December of 2016, and the actual emails went out in January. We had the information back by the middle of January of 2017. They helped us go through the results. They did a call with me and went over what the findings were, what everything meant on the action items list they gave me. They did a good job of follow-up after the fact.

RESULTS & FEEDBACK

Could you share any evidence that would demonstrate the productivity, quality of work, or the impact of the engagement?

It’s been pretty positive. We have another vendor we’ve worked with as well, and they’ve done good jobs, but having a fresh set of eyes from someone not familiar with the company really brought some new insight to things, which everyone seemed to like.

How did FRSecure perform from a project management standpoint?

We primarily communicated by email, with some phone calls as needed. We were using an internal ticketing system, but FRSecure didn’t have visibility on that.

What did you find most impressive about FRSecure?

They do have the drive to improve the information security field. I actually attended a CISSP (certified information systems security professional) course hosted by their CEO over the last few months, and I’m probably getting my certification next week. They’re really passionate about making the information security field as knowledgeable as possible and doing what it takes to increase the number of people who are qualified to work in the field by any means necessary.  

Are there any areas FRSecure could improve?

I don’t have anything from that engagement. Everything was pretty much as expected.

  • 5.0 Overall Score
    They’ve been really great at follow-up. We’ve talked about future engagements, not necessarily trying to keep us on as customers, but making sure that we’re doing what we can to shore things up.
  • 5.0 Scheduling
    ON TIME / DEADLINES
    They were very responsive and did everything on our timescale.
  • 4.0 Cost
    Value / within estimates
  • 4.5 Quality
    Service & deliverables
    For the most part, they met my expectations and then some.
  • 5.0 NPS
    Willing to refer