Institutionalizing Policy

Security Policy Analysis

We review your organization's policies and procedures, make recommendations and plug vulnerabilities.

We review your entire suite of policies to determine gaps in security coverage. For example, we crosswalk your IT or cybersecurity policies with personnel security, insider threat, and sensitive information (i.e., CUI, Classified, Proprietary) for alignment. Organizations often rely on IT or cybersecurity policy without giving thought to managing investigations or identifying information that needs to be protected. Let us do that for you. As an example, we recommend aligning policies across the following areas:

  • IT
  • Personnel security
  • Physical security 
  • Export controls
  • Public release review
  • Human resources
  • System security

Security Compliance

We provide tailored solutions to help defense contractors meet compliance requirements under:

  • FOCI Mitigation
  • ITAR / EAR
  • NISPOM
  • National Security Presidential Memorandum (NSPM-33)

Outsourced FSO Solutions

It’s not easy to understand the requirements for becoming a cleared defense contractor, nor is it easy for newly cleared companies to navigate security clearance requirements.

Security Policy Analysis

It’s not enough to be NIST or CMMC compliant or to certify information systems for processing CUI and classified information. We will review your corporate policies, make recommendations, write new policies, or develop programs to ensure your organization is compliant.

System Security

More and more, contract language requires the contractor to conduct tasks in support of Program Protection Plans (PPP) and develop Program Protection Implementation Plans (PPIP).

Contact us at jb@thriveanalysis.com

Services

What We Can Do For You

Our specialty is interpreting requirements and determining how they should be implemented for your unique situation. We apply program protection, and we write and tailor processes, procedures and policies so that they fit within the constraints of your enterprise.

Your enterprise is made up of many moving parts and business units, but none should stand alone. We believe each requirement should be part of the corporate body and not a stovepiped solution. We conduct analyses for entity-wide application so that burdens and opportunities are shared:

  • Corporate Policy
  • Program Protection Planning
  • Supply Chain Risk Management
  • Criticality Analysis
  • OPSEC Analysis
  • Security Classification Guidance
  • NISPOM Compliance

Program Protection Planning

Supply Chain Risk Management (SCRM)

Criticality Analyses

NISPOM Compliance

Processes and Procedures

Cyber-SCRM