Providing internal audit services in the nature of business auditing, IT and systems auditing, information security and privacy auditing; disaster recovery services, namely, business continuity and disaster recovery consulting

Attest services in the nature of cybersecurity and privacy compliance frameworks, standards and regulations under the Sarbanes Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH), Payment Card Industry Data Security Standard (PCI DSS), Gramm-Leach-Bliley Act (GLBA), Consumer Financial Protection Bureau (CFPB), Federal Financial Institutions Examination Council (FFIEC), National Technical Information Service (NTIS), Limited Access Death Master File (LADMF), General Data Protection Regulation (GDPR) laws, E.U.-U.S Privacy Shield, Criminal Justice Information Services (CJIS) assessments, Agreed Upon Procedures (AUP) engagements, System and Organization Controls (SOC), SOC1, SOC2, SOC3 and SOC for Cybersecurity, Statement on Standards for Attestation Engagements (SSAE), International Standard on Assurance Engagements (ISAE), and Canadian Standard on Assurance Engagements (CSAE), Microsoft Supplier Security and Privacy Assurance Program (SSPA), and CFPB readiness

Providing cybersecurity services, namely, services related to ensuring the secure access to data and all the cybersecurity measures and controls in place to prevent unauthorized access; providing cybersecurity and information security compliance and assessment services in the nature of assessing computer systems for the capability to identify, protect, detect, respond, and recover from unauthorized access or data breach; development of security systems and contingency planning for information systems, scanning and penetration testing of computers, networks, applications to assess information security capabilities; assessments of compliance with cybersecurity and information security frameworks to ensure the confidentiality, integrity, and availability of data; providing cyber risk and privacy services in the nature of assessing security and privacy controls and procedures in place to identify and control access to data; assessing the processes and procedures in place to evaluate the cyber and privacy capabilities related to systems, people, assets, data, and capabilities; providing cybersecurity advisory services in the nature of system and data security consultancy related to identification, assessment, remediation of controls, processes, policies, infrastructure, and overall cyber capabilities; computer security consultancy services, namely, providing General Data Protection Regulation (GDPR), E.U.-U.S. Privacy Shield, Health Insurance Portability and Accountability Act (HIPAA) security and privacy and Health Information Technology for Economic and Clinical Health Act (HITECH), cybersecurity, data privacy, information security and compliance best practices review, compliance program assessment in the nature of assessing people, processes, technology, data, assets, policies, and procedures to ensure compliance with information security and privacy standards and requirements, computer network and enterprise-level risk assessment, third party risk management, data protection analysis and privacy impact assessment services; computer, network, and information security services in the nature of providing technology penetration testing, social engineering, namely physical entry and security assessments, phishing e-mails, fictitious phone calls, testing to determine the ease with which computer network security could be compromised or whether users disclose sensitive data to outsiders, network layer testing, wireless network testing, mobile application testing, web application testing, automated penetration testing, subscription-based penetration testing, and computer network and application vulnerability assessment services; providing internal audit services in the nature of cybersecurity, risk management, and privacy assessments and reviews to ensure compliance and adherence to cybersecurity frameworks, internal controls, and regulations; cybersecurity consultancy services, namely, providing cyber assessment services and examination readiness assessment services; providing Software-as-a-Service (SaaS) services, namely, software for tracking, auditing, storing, and reporting of compliance (with local, state, federal, and international cybersecurity and privacy standards and regulations), governance (oversight of visibility), and risk management (evaluation of current risk exposure and enablement of risk-based decision-making) related to cybersecurity, data protection, and privacy

Regulatory compliance consulting and assessment services in the nature of providing advisory SERVICES relating to cybersecurity and privacy compliance frameworks, standards and regulations under the Sarbanes Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH), Payment Card Industry Data Security Standard (PCI DSS), Gramm-Leach-Bliley Act (GLBA), Consumer Financial Protection Bureau (CFPB), Federal Financial Institutions Examination Council (FFIEC), National Technical Information Service (NTIS), Limited Access Death Master File (LADMF), General Data Protection Regulation (GDPR) laws, E.U.-U.S Privacy Shield, Criminal Justice Information Services (CJIS) assessments, Agreed Upon Procedures (AUP) engagements, System and Organization Controls (SOC), SOC1, SOC2, SOC3 and SOC for Cybersecurity, Statement on Standards for Attestation Engagements (SSAE), International Standard on Assurance Engagements (ISAE), and Canadian Standard on Assurance Engagements (CSAE), Microsoft Supplier Security and Privacy Assurance Program (SSPA), and CFPB readiness; Regulatory compliance consulting relating to security of computer networks, applications, and personal information, namely, providing SOC assessments and attestation, PCI DSS assessment and advisory services, healthcare-related assessments in the nature of HIPAA, HITECH, Health Information Trust Alliance (HITRUST) assessments, International Organization for Standardization (ISO) certification services, federal assessments in the nature of Federal Risk and Authorization Management Program (FedRAMP) authorization, Federal Information Security Management Act (FISMA) authorization and certification, and National Institute of Standards and Technology (NIST) assessment services, including providing NIST Special Publication (SP), Federal Information Processing Standards (FIPS), and Cybersecurity Framework (CSF) assessment services; computer security consultancy services in the nature of consulting to aid in compliance with legal and regulatory requirements namely, providing General Data Protection Regulation (GDPR), E.U.-U.S. Privacy Shield, Health Insurance Portability and Accountability Act (HIPAA) security and privacy and Health Information Technology for Economic and Clinical Health Act (HITECH), cybersecurity, data privacy, information security and compliance best practices review, compliance program assessment in the nature of assessing people, processes, technology, data, assets, policies, and procedures to ensure compliance with information security and privacy standards and requirements, computer network and enterprise-level risk assessment, third party risk management, data protection analysis and privacy impact assessment services