ASSESSING


  • Program Maturity Assessments

  • Barndoor Flash Assessment

  • Information Security

  • Privacy

  • Application Security

  • Legal

  • Physical Security

  • Product Architecture

  • Security & Privacy Product Features

  • Threat Models

  • Team & Talent

  • Capability Assessment

  • Career Progression


BUILDING


  • Programs

  • Information Security

  • Privacy

  • Application Security

  • Physical Security

  • Technical Capabilities

  • DevSecOps Tooling

  • Security Champions

  • Azure & AWS Security Landing Zones

  • Critical Response Capabilities

  • General Security Incident Response Tabletops

  • PSIRT Processes


ADVISING


  • Strategic Retainer

  • Unlimited access across all security & privacy disciplines

  • We are NOT a vCISO

  • Transitional Assistance

  • Team stabilization

  • New CISO on-boarding

  • Product/Market Readiness

  • US Federal

  • EU/UK

  • Hiring

  • Senior Leadership [CISO/CPO]

  • Security & Privacy Managers & ICs

  • Staff Augmentation Resources


Contact us


  • Email

[email protected]

  • Phone

+1 508-217-3330

  • Visit us

139 Main St Suite #4 Sturbridge, MA 01566


Talk to us



mentoring


If you are interested in participating in the PSG mentoring program, please fill out the details below and we will get back to as soon as we can.


Security Policy


  • LAST UPDATED: January 1, 2023

Product Security Group establishes this security policy to protect employees, our company, and our customers.It is important to know:

  • All employees, contractors, visitors, and vendors are responsible for following this policy.

  • Violations of this policy may be subject to actions in our Sanctions standard.

  • To send questions about this policy to the security team.

  • Company's Security Goals

  • C1 - To maintain a standards-based program to manage security.

  • C2 - Strive to build only secure applications.

  • C3 - Strive to deploy and operate secure systems and networks.

  • C4 - Strive to ensure everyone has the ability to work in the case of a disaster.

  • Everyone's Security Goals

  • E1 - To complete security training at least once a year.

  • E2 - To handle all data according to our standards.

  • E3 - To use the company's assets according to our acceptable use standards.

  • E4 - To ensure a secure and safe work environment.

  • E5 - To help us meet all our legal, compliance, contractual, and regulatory requirements.

  • E6 - To report insecure or suspicious activity to the security team.

  • E7 - To maintain the privacy of the information they may use.

  • E8 - To report risks to the security team who will manage them.

  • E9 - To undergo background screening before starting employment at the company.

  • E10 - To use only approved methods to access company assets.

  • E11 - To have all new technology or services reviewed by the security team.

  • E12 - To use their own device for business purposes as long as they follow our standards.

  • E13 - To read and attest to the security policies every year.

  • Exception Management

The security team's exception management process handles exceptions to this policy.


PRIVACY policy


  • LAST UPDATED: January 1, 2023

  • What do we collect?

  • Fullname, Email Address, Phone Number

  • Session Token/Cookie

  • How do we collect it?

  • Buy a product or service

  • Contact us

  • Complete a survey or poll

  • Use or view our website

  • How will we use it?

  • Process an order or manage your account

  • Contact you back

  • Improve our products

  • Improve our website

  • How do we store it?

  • Stored in Microsoft Data Centers in the USA.

  • Retained for 6-months past the last contact.

  • What are your rights?

  • Note: All of these rights may not apply in all conditions

  • Access: You can request the data we have on you for a small fee: $10 USD

  • Rectification: You can update the data we have on you

  • Erasure: You can erase your data

  • Restrict Processing: You can restrict processing of your data

  • Object to Processing: You can object to processing

  • Portability: You can request an export of your data

  • Response: We will respond to these requests within 30 days and may require proof of identity or charge an additional fee if the request is excessive.

  • Children

  • This site is not for children and we will erase their information if notified.

  • California folks

  • We do not sell your personal information

  • We are too small to qualify under CCPA/CPRA but adhere to many of the tenets since they are the right things to do.

  • EU/UK/Swiss folks

  • Data Protection Officer: Marc French, CISO & Managing Director is the DPO.

  • Legal Basis: Contractual:To fulfill your order for a product or service, Consent: To fulfill your request to contact you, Legitimate Interest: To maintain the website, Compliance To fulfill legal obligations.

  • Subprocessors: Microsoft, Google

  • Transfers to 3rd parties: When required by law or legal process, to fulfill your contract, defend our legal interests, or to investigate and prevent illegal/unsafe activities.


cookie policy


  • LAST UPDATED: January 1, 2023

  • What is a cookie?

  • A cookie is a small text file that is placed on your hard drive by a web page server

  • Do we use cookies?

  • Yes

  • Why do we use them?

  • We use cookies to manage your website session and user experience.

  • What cookies do we use?

  • Our use is limited to 3rd party cookies from Google Analytics: utma, utmb, utmc, utmv, utmz

  • Do Not Track

  • We do not process DNT signals


How to contact us
By email
[email protected]