I have reviewed over the past few years several NIST type assessment tools and just renewed Security Studio again. There are so many things that the S2 org tool does and does well. I love the deliverables! The deliverables are easy to create and are easy to present to other non-technical shareholders to get that “buy in” when we prioritize our goals for infosec. The industry comparison FISA score is genius and I base one of my departments KPI’s off of improving that score month over month. I can easily measure our remediation investments against our improvement or risk. When I did security consulting over the years, I would present a report and the following year would find the same high priority issues with nothing accomplished. This tool seems to drive action. S2 continues to refine the tool and open to suggestions. The support are responsive and rock stars!

Tech Reformers, LLC uses S2org to provide evidence of compliance across 4 areas of risk. We like how clients upload policies and procedures to be reviewed by our certified experts. It helps us create a roadmap to improve security. Security Studio lets us partner with our clients in a productive and efficient manner. The tool allows us to build long term relationships with our clients as, together, we work to improve security and lower risk across the 4 domains: Administrative Controls, Physical Controls, Internal Technical Controls, and External Technical Controls.

One tool, multiple compliance standards. CMMC, HIPAA, ISO 27k, Soc 2 all map back to this tool. It provides a true measurement of risk, not just a gap analysis to the requirements/standards. Its quantifiable so it is easy to track risk remediation efforts.