Frequently Asked Questions
Q: My company has an insurance policy which covers our risks to systems & network security, business interruption, privacy & media liability. What more can Unified SRM provide us?
​
A: TBP
​
​
Q: If cyber security is the IT department's problem, why the risk management discussions?
​
A: Cyber security is a holistic business concern - not solely the IT departments problem. It is obvious the IT department does play a role in administering the most of the equipment, but not all of it. The security program needs authority, resources and information to be successful. An effective security program interacts with all the business's departments, but is orchestrated by the position responsible for the business's profit and loss - its a true team effort.​
​
​
Q: What will Unified SRM do for U.S. Government Contractors, sub contractors and NISP members?
​
A: We will help you, meet the RFP & contractual requirements for Cyber, Facility, NISP and other environments.
​
​
Q: What will Unified SRM do for county and municipal governments with legal requirements, or to improve our security posture?
​
A: Whether you have security requirements or just want to increase the breadth and depth of your security program, we will help you by performing assessments, security program updates, controls implementation and program management.
​
​
Q: What geographical area do you service?
​
A: We typically work within a two hour drive of Madison, Wisconsin; but exceptions will be considered on a case - by - case basis.
​
​
Q: What organizations need the services of Unified SRM?
​
A: Companies that are NISP members either are or desire to be a U.S. Government prime or subcontractor; county or municipal governments that are not compliant with legal security requirements or want to establish or improve their security program. We can also help companies that have no contractual or legal requirements, but want to establish or improve their security program.
​
​
Q: What sets Unified SRM apart from other security companies?
​
A: Unified SRM provides services in the context of the fourteen principals of a U.S. federal civil servant (ref. EO 12674) and the U.S. uniformed service's core values; which means how we do what we do has been molded by our country's founders, and continues to be performed in their spirit.
​
Q: How does our organization start doing business with Unified SRM?
​
A: We will start off by performing an assessment of the target environment(s), then provide you an assessment findings report, which will prioritize remediating the most significant threats first. Subsequently, if you desire follow-on remediation, we will define the project's goal(s), scope, time frame and other variables, then we create the plan, deconflict operations, coordinate resources, schedule the project's tasks then wrap up with the project review.
​
Q: What types of organizations or industries can Unified SRM's solutions be applied to?
​
A: Unified SRM's solutions can be applied to any industry and companies of any size as they are predominately mission oriented, scalable and flexible.
​
Q: Why would our organization want to be compliant with DFARS Clause 252.204-7012?
​
A: DFARS Clause 252.204-7012 was published in 2016 to strengthen the security relationship between the U.S. Government and its private sector partners, by requiring contractors to 'Safeguard Covered Defense Information', 'Report Cyber Incidents', 'Submit Malicious Software' and 'Facilitate Damage Assessments'. Compliance with the clause is a requirement to either establish or maintain participation in federal contracts.
​
​
Q: Can Unified SRM provide our organization with a cyber security solution, which does not consume a lot of our staff's time, is not confusing to staff and management, and limits cost over runs?
A: Unified SRM's services are primarily based off of NIST, DHS, and CNSS products - which means they are researched, tested and have been implemented in real world situations; to provide a scalable, mission-oriented, economical and flexible security plan, which is customized to your organization.
​
​