Kearney & Company, an accounting and consulting firm, is committed to complying with Federal contracting requirements regarding information system security. To that end, Kearney engaged TalaTek’s expertise in risk management to independently evaluate its internal data-handling practices against NIST SP 800-171’s guidance for safeguarding Controlled Unclassified Information (CUI). To complete the assessment, TalaTek’s technical analysts also reviewed Kearney’s existing architecture and email solution; offered recommendations to further ensure Kearney’s assets, data, and resources are compliant; and provided policy and procedural documentation that meets NIST SP 800-171 requirements.
“TalaTek’s record of identifying risk and solutions made it the clear choice for this important project,” said Phillip Moore, who leads the Kearney IT Assurance and Cyber Services. “The team compiled a thorough picture of how we process, store, and transmit CUI, then recommended mitigations and developed policies we can easily integrate into our current approach to security. TalaTek gave us a pathway to continued compliance, one that ensures our client data is protected.”
[TalaTek’s] commitment to ensuring effective, efficient use of government resources allocated to the contract is commendable. Their proactive management has resulted in enhanced security management and more robust risk management of our systems.
The vendor’s work has been outstanding, with deliverables being accepted with little to no changes being required. Security technical details and data are always of a high quality. Documentation, templates, and reports are used at an agency level to serve as templates and samples of excellence to others.
The security team does a great job with managing expectations on delivery of work products and activities through use of detailed project schedules. Work and project activities are always on time or ahead of schedule.
Program management and technical team leads do a great job of facilitating communications, documentation, and ensuring QA as required to support program deliverables.
The vendor has provided consistent quality services and deliverables under this contract. Their commitment to ensuring effective, efficient use of government resources allocated to the contract is commendable. Their proactive management has resulted in enhanced security management and more robust risk management of our systems.
“The Human Genome Sequencing Center (HGSC) has worked with TalaTek since March of 2012, when they helped us successfully achieve a critical compliance milestone on a very tight timetable.
“Since then, TalaTek has helped us navigate the challenges of FISMA compliance while always keeping our security status in mind and costs down. TalaTek’s subject matter experts helped our team effectively prioritize efforts to meet our security and compliance needs. They have been flexible and responsive, tailoring solutions to our unique concerns.
“TalaTek’s Security as a Services model provides an in-depth approach to compliance and risk management while engaging and informing the customer throughout the entire process. Their scalable and customized approach to project management keeps our business mission in mind while providing a cost-effective solution to improving our security profile. I have valued their commitment to finding the right solution for my business, rather than fitting my business into a standard solution.”
TalaTek has been a highly valuable advisor to our team. Led by Baan Alsinawi, TalaTek team members are professional, knowledgeable, and analytical. They have brought experience and perspective to support both the business and technical aspects of the creation of our information assurances processes and standards. TalaTek has been able to work around our changing requirements within our department and the organization overall. The team has been flexible and informative in each step of the delivery of its services while maintaining alignment with our budget. I would highly recommend working with TalaTek for information assurance and risk management projects.