CMMC Solutions: Board Governance & Oversight

Clarity of thought, built over 100 years of international experience

CMMC Europe is a group of experienced and qualified partners in cyber security, cyber risk management, legal, consulting and executive placement.  Who provide organisations with advisory services for the design and delivery of CMMC compliance, cyber risk management, cyber security oversight and assurance and organisational design.

We have all held senior leadership positions and are experienced in board advisory and educating boards in cyber security, delivering executive governance, oversight and assurance.  Andy the founding partner has delivered cyber security and cyber risk management strategy, board governance and oversight to executive leadership teams across a range of industry sectors and works as an expert witness specialising in cyber security and risk with Government agencies.  He is a Chartered Security Professional (CSyP) and CSyP assessor, one of only 2 Professional qualifications recognised by the UKs Centre for the Protection of National Infrastructure (CPNI), he holds a place on the UKs Register of Chartered Security Professionals and Associate of the Academy of Experts.

Executive governance

Cyber security sits as a significant risk at the feet of the board table.  The long-term prognoses for cyber and the board is that cyber will only become a more significant risk as the digital economy grows.  The cost of cyber compliance is high as is the costs of cyber remediation post incident.  Regulatory compliance is increasing, with regulators from many sectors focusing on cyber risk management.  The EU GDPR,  California’s data protection regulations (CCPA, 01.01.2020), New York Department of Financial Services (NYDFS) cyber regulation and China’s internet security law (01.06.17). CMMC will implement cyber regulation across the US DoDs DIB. Require independent and on-going oversight and assurance of an organisations cyber maturity. Cyber requires board oversight and assurance to ensure the board room remains up to date on cyber related issues, manage the organisations cyber maturity in line with FCI and CUI requirements and manage the potential damage to financial statements in the event of a cyber attack.
We we work organisations from various industry sectors delivering board programmes for the oversight and assurance or cyber risk.
  • Define board governance policies and procedures for the oversight of cyber and technology risk.
  • Implement cyber and technology oversight including appetite setting and associated KPIs and KRIs for  risk oversight.
  • Work with organisation to develop control effectiveness testing programmes
  • Develop cyber risk remediation programmes, to close gaps in cyber security maturity.

Chartered Security Professional (CSyP)Security Institute (MSyI)Worshipful Company of Security ProfessionalsAcademy of Experts