Sera-Brynn is relied upon by institutions of higher education for its advisory services and expertise in interpreting NIST, ISO, and other security controls in complex environments.
The interconnectivity of students, staff, researchers, laboratories, health care providers, visitors, and others is part of what makes colleges and universities centers of innovation and collaboration. However, unmanaged interconnectivity increases the risk of data theft, threatens to interrupt day-to-day operations, and may jeopardize federally funded research projects.
Sera-Brynn understands that compliance is a critical issue that affects everything from use of cloud services to supply chain security. The scope is expected to grow in 2018 as U.S. government regulations expand to include more data types that are prevalent in the university environment.
Higher Education Compliance Consulting Services include:
- Guiding postsecondary institutions in implementing the NIST SP 800-171 controls to protect student information as recommended by the U.S. Department of Education.
- Assessing how an institution, or a research unit within an institution, is handling and storing Controlled Unclassified Information (CUI) pursuant to NIST SP 800-171 and, if applicable, the Defense Federal Acquisition Regulation Supplement (DFARS).
- Identifying and implementing controls related to Controlled Unclassified Information (CUI), ranging from student personal information (including that of military, DoD Civilian, and veteran students), healthcare data, and financial aid information to research performed under agreements with government agencies.
- Analyzing and documenting risk tolerance in a way that suits the unique university environment and supports its research mission.
- Providing as-needed technical services including cyber vulnerability assessments, penetration testing, and incident response reporting and remediation.
- Mapping overlapping compliance needs, including those driven by GLBA, DOE, DFARS, FAR, GDPR, ISO 27000, and others.
Sera-Brynn has tremendous experience bringing organizations into compliance with cyber risk–related requirements. Through our compliance services, Sera-Brynn will determine what specific requirements or guidance mean for the organization, present practical solutions for implementing controls, and offer insight into what to expect from future regulations.
By planning, implementing, and auditing based on cyber risk intelligence, institutions can measurably improve security and protect the value of information.
Read our analysis, “Cybersecurity Acronyms for Higher Education.”
Sera-Brynn welcomes the invitation to bid on university projects and, in doing so, will hold itself to the highest level of professionalism, responsiveness, and fairness. All of Sera-Brynn’s consulting projects with universities are designed to be collaborative in nature and will involve a robust level of knowledge transfer.