Proposal for vCISO 2

The proposal outlines a virtual Chief Information Security Officer (vCISO) service aimed at providing consulting and compliance support for various security frameworks, including SOC2. Key activities include policy development, enforcement tracking, HR security training, and coordination for SOC2 audits. The service will be delivered remotely with a commitment of 10 hours per week at a rate of $100 per hour, with invoicing based on a monthly timesheet.


PROPOSAL # PTPL2203USP24001

PROPOSAL FOR vCISO

Date: 03-24-2022

INTRODUCTION
Our experts work with multiple registrars in providing auditing and maintenance services in the areas of ISO
9000, ISO 14000, ISO 20000, ISO 27000, ISO 27701, ISO 18000, ITIL, PCI/DSS, SOC2, NOC, Pen Test and GDPR.
We have a good track record in providing quality services.

PROPOSED SERVICE DESCRIPTION


Consulting Service - vCISO
Activities:
- Developing and maintaining policies and procedures
  - We, as vCISO, will write and maintain policies and procedures in documents or a system that is meant to manage the SOC2 framework.
- Enforcement & tracking
  - We, as vCISO, will set up a system or metric scorecard of KPIs related to enforcement of the policies and procedures, with a dashboard that can be accessed and discussed at any time.
- HR security
  - We, as vCISO, will be responsible for making sure that all hiring documents and procedures are followed according to the new hire SOP, and will provide training to new hires and ongoing training to existing employees with access to PII. We are also responsible for making sure that security training and procedures are placed in each job description for each role in
- SOC2 Audit
  - We will work with SOC2 auditors to gain recertification of the SOC2 Type2 Certificate.
- Customer questionnaires
  - Customers, custodian partners send security questionnaires to typically once per year. It will be our role, as vCISO, to maintain and respond to these questionnaires in a timely manner.

Service Description:
- Certified and qualified Sr. Consultants will help in updating and maintaining all documents, records and systems as vCISO.
- vCISO will help to perform gap analysis to check compliance with all requirements of the standard.
- vCISO will coordinate and help to fill any gaps and resolve any issues to get them ready for SOC2 requirements or any other InfoSec compliance requirements.
- vCISO will work closely with management to build and maintain a strong security framework aligned with SOC2 requirements.
- vCISO will oversee the compliance of the IT infrastructure and help the IT admin / SMEs keep the IT infrastructure aligned with SOC2 and other InfoSec requirements.
- vCISO will continuously work with management to maintain the InfoSec framework and identify any opportunity for improvement to make the framework stronger and aligned with SOC2 / other InfoSec compliance.
Service Mode:
Remote
Action Plan:
- vCISO will communicate with top management and SMEs every week / as and when it is required.
- vCISO will gather initial information and requirements to define policies and procedures and build up the InfoSec framework.
- vCISO will update top management in the weekly meeting regarding the maturity of the security framework, gaps, reports, and additional requirements / implementations.

Resource Plan for vCISO:


Two resources will work jointly as vCISO to maintain availability.

INVOICING AND OTHER TERMS


Deliverable time:
We will dedicate 10 hours per week to the vCISO job role.
We will submit the weekly timesheets on a monthly basis for your review.

Invoicing:
Per hour rate: $100
We will raise an invoice on a monthly basis based on the timesheet.
Minimum committed hours: 10 hours per week
Any additional hours will be added to the invoice based on the approved timesheet.
