Assessment and Design
Waters Edge assists businesses in assessing existing systems and designing improved systems using our unique, rule-based design methodology. The result is a significant increase in the efficiency and reliability of the process. Our current services include:
Our reports and designs deliver a defensible standard of care. This means that the systems involved:
- Align to recognized published standards, best practices and applicable regulations (see Achieving Effectiveness in Information Security).
- Are supported by all necessary policies, procedures, terms of use and other related rules associated with the system.
- Provide demonstrable evidence of compliance valuable to audits, inspections, vendor due diligence, compliance reporting and electronic discovery proceedings.
Our assessment and design services are supported by our extensive research assets, including the Waters Edge Reference Models. All of our assessment and design work is performed to give our clients complete transparency: we explain the basis of our evaluations, provide the support for our recommendations and produce detailed reports that enable our clients to defend their actions in reliance upon our work.
IT Systems Governance and Compliance
Waters Edge is proud to be an approved consultancy under the Associate Consultancy program of the British Standards Institute. Our use of established international standards as the foundation of the Waters Edge Reference Models provides multiple advantages for IT systems:
- Streamlined approach to compliance with all security-related regulations and statutes
- Reduced cost of compliance
- Improved visibility of information security strategies and tactics and their effectiveness
- Defensible standard of care with demonstrable effectiveness to outside agencies, legal counsel, and customers
We believe that it is important to utilize existing work products of the client as much as possible, and to engage existing personnel in a successful outcome. We provide an established methodology that holistically examines a corporate approach to security, clearly articulates status in terms of measurements and actionable requirements, and maps tasks and outcomes against established standards.
Waters Edge incorporates the following standards into its methodology to provide an extensible and defensible framework for asset protection that can encompass compliance with multiple third-party frameworks, such as Gramm-Leach-Bliley (GLBA) and PCI.
- IT Infrastructure Library (ITIL)
- Control Objectives for IT (CobiT)
- ISO/IEC 27001:2005 (Information Security Management Systems)
- ISO/IEC 20000:2005 (IT Service Management Systems)
Our approach involves a comprehensive table-top exercise to identify the scope of the existing information security management systems, management presentations for orientation and facilitation, and follow-up on-site reviews of selected areas involved in the ISMS. The work product includes a management level discussion of findings and gaps, as well as recommended prioritized actions to ensure the ISMS is suitable given company business needs.
Should clients desire expertise in follow-up projects, Waters Edge provides:
- Program oversight, coordination and leadership
- Policy development
- On-going periodic assessments
- Pre-certification reviews
- Periodic management reports and presentations
- Corrective action to assessments
With 87% of all companies in litigation, and with compliance one of the fastest growing areas of concern, our expert witness capacity provides clients confidence that we are there to explain and defend client security programs should that become necessary.
Records Management
We conduct impartial, comprehensive assessments of existing corporate records management programs. Our assessments deliver authoritative gap analyses, measuring the programs against comprehensive rulesets that express best practices in today’s challenging environment of regulatory mandates regarding business records. We rely heavily on the Waters Edge Records Management Reference Model to deliver our services.
We design long-term records management programs on a vendor-neutral, product-agnostic basis. Our designs are rule-based: we document and provide authoritative support for how the program aligns to published standards, notably ISO 15489, and other benchmarks in corporate governance and systems management.
Based on the client’s needs, we can deliver designs that include regulatory compliance models, functional specifications, resource models (IT, staff, vendor contracts) and project templates for achieving the designs.
Our records management evaluations and designs leverage our knowledge of IT governance, information security, and regulatory compliance in order to deliver systems-focused reports that maximize the use of automation to manage records as trusted information.
Our Electronic Discovery Assessment and Design Services assist three different but critical types of clients:
- Companies needing an immediate understanding of their risks under the changing legal rules for producing electronically stored business records in legal proceedings.
- Companies designing and implementing e-discovery programs and capabilities that must deliver a defensible standard of care and enable effective business control over the costs of litigation.
- Law firms wishing to develop their internal capabilities to partner more effectively with their clients in conducting e-discovery activities.
Our services are similar to our Records Management services, enabling assessments and designs. In addition, we have developed a special set of services associated with our book, Evaluating the Electronic Discovery Capabilities of Outside Law Firms: A Model Request for Information and Analysis. To review those services, click here.