Azure Compliance Assessment & Remediation: 4-Week

The Compliance Assessment and Remediation offered by 2nd Watch is a comprehensive assessment and remediation professional service that evaluates your Azure infrastructure against industry standards CIS, GDPR, HIPAA, NIST, PCI DSS, and SOC 2, as applicable, in order to help monitor, report, and auto-remediate non-compliant activity.

The Compliance Assessment and Remediation Service for Azure includes a four-week consulting engagement and a team of one project manager and two senior cloud consultants utilizing tooling such as Azure Policy and Log Analytics.

Agenda

Week 1

• Conduct kickoff meeting to discuss project scope
• Identify cloud accounts
• Setup compliance tool

Week 2

• Compliance assessment against specified industry standard policies
• Conduct interviews with security and infrastructure SMEs
• Identify and review existing change control, access management and incident response documentation
• Generate reports on compliance status
• Provide vulnerability and threat assessment with risk scoring and OS patch version reporting

Week 3

• Conduct remediation to resolve known vulnerabilities
• Develop or update customer security and compliance policies
• Develop custom policies and guardrails in tooling
• Setup or modify Identity and Access Control (AIM) and security groups
• Implement audit trail and log aggregation tooling such as Azure Policy and Log Analytics

Week 4

• Final verification of compliance status by re-assessing environment against industry standard policies
• Identify go-forward plan for continuous compliance

Pricing is based on the number of Azure Subscriptions and hours of remediation.