Focus on what counts


Focused on Protecting Your Data and Your Business

From questions about IT security in a mobile world, to meeting the attestation standards of SSAE 16, to finding the right talent, today’s new interconnectivity means that problems and solutions are often part of the same fabric. Information technology drives your success, even as it creates new vulnerabilities. We provide the guidance and strategies to help you create and maintain a secure cyber environment.  

How Citrin Cooperman Can Help

Monitoring potential IT vulnerabilities has become one of the most critical responsibilities. Protecting our clients’ data and business requires the right strategies combined with the best tools and the most knowledgeable experts. We guide our clients through identification and assessment of the risks their organizations face, in addition to providing advice on finding the right solutions to maximize their performance and security in a technologically advanced world.

Our Related Services

IT risk assessments (e.g. SCORE Report™) - Security, Compliance, and Operations Risk Evaluation (SCORE) Report. This report involves a high-level risk evaluation of several key areas of the Company’s IT environment, including IT operations, physical and logical security, mobile devices recovery, network security, online security, data privacy and security compliance, and system and hardware controls.

SSAE 16 (SOC 1, 2 and 3) - We can provide SOC 1, 2 or 3 reports. SOC 1 reports provide assurance on the design and operating effectiveness of certain defined constraints relevant to user entities’ internal controls over financial reporting. SOC 2 and 3 reports evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, or privacy.

Data mapping - Identifying, locating, and tracking sensitive data is a critical step in achieving a high standard of security. Sensitive data can be found in multiple sources such as servers, individual laptop and desktop computers, HR departments, and more. Data mapping allows our IT security professionals to assist management in identifying what critical data and information exists in the company and where it resides, to aid them in implementing plans targeted at safeguarding the sensitive information that companies have a responsibility to secure.

PCI DSS compliance and readiness - We offer valuable services to help merchants who process credit card payments meet the applicable Payment Card Industry Data Security Standard (PCI DSS) requirements:

  • PCI DSS gap assessments
  • PCI DSS compliance assessments
  • Remediation and project management
  • Penetration and vulnerability assessments
  • Sustainment and reporting

HIPAA compliance and readiness - Compliance with HIPAA and HITECH Omnibus rules involves meeting 22 separate standards for administrative, physical, and technical safety of electronic, verbal, and written protected health information (PHI). Patient protection law compliance is required not only by the medical provider, but also by their associates. Failure to comply can result in fines of up to $1.5 million per provision per year. Our services include:

  • HIPAA gap assessments
  • HIPAA compliance assessments
  • HIPAA risk assessments
  • Remediation and project management

Vulnerability testing - We can provide an assessment to assemble a prioritized list of physical and logical technology vulnerabilities for businesses that want confirmation they have achieved a high level of security. The deliverable for the assessment is a list of discovered vulnerabilities ranked in order of risk level, along with recommendations on how to remediate the weaknesses.

Breach response

ISO 27001/27002

IT forensics

Phishing risk assessments

Best practices assessment

Policy and procedure design