Organizational Assessments

Smart Tracking & Compliance

C’S|3 Consultancy Assessments look holistically for the health of organizations by combining time-tested assessments & tools with a comprehensive assessment and audit of your enterprise.

Get familiar with our assessmentsLearn More!

Organizational Assessments Synopsis

We believe the sum of all healthy parts of the organization makes the organization whole. Sometimes, it's important to get a fresh perspective at various leadership levels and identify where the gaps are to look at them with new insights and intelligence.

You can use free and paid assessments, or engage C’S|3 Consultants to use various assessment tools. These Assessments will help you with these insights, understand the problem areas, and help you create alignment & integration strategies to mitigate those gaps, be it in operational strategy, HR, Financial, Technology, Risk or looking comprehensively from the leadership level. These assessments are designed to not only identify gap but create a roadmap for you in collaboration to make a pathway to become profitable, sustainable, and resilient to risk across various influences on your operations, industry and markets.

The ultimate fulfillment of C’S|3 is to see you succeed as leaders of your enterprise, to partner with you in the journey for creating strategic alignment, and eventually integrate with your systems, structures, and processes that fulfill your vision and mission.

Our Assessments and Audits cover the following realms. Each can be taken with our online tools or by working closely with a consultant.

Organizational Assessments & Audits:

Strategic Roadmap Assessment

Business operations help organizations thrive. You manage the inner workings of your organization/company, by seeking ways to generate revenue, increase productivity, and reduce costs. Transformation internally can have great long term impacts for your clients and an integrated alignment with organizational vision and mission. Take your operational plans and turn them into a strategic roadmap – so you can build sustainable long-term and short term strategies to thrive in good and unfavorable conditions.

  • Does your organization have a strategic roadmap?
  • Do your OKR’s Objectives and key results roll up to your strategy?
  • Are your OKR’s and KPI’s correctly defined and aligned to your Organizational Strategies?
  • Does your organization have a strategic playbook for all your teams?

To find out Engage our consultants to start the conversation and take an assessment to develop a strategic roadmap with our award winning time-tested tracking tools that we can help implement your defined metrics to fulfill your strategic objectives.

This assessment will help you see the gap so you can plan:

  • Validate your current strategy
  • Formulate a new strategy or make Changes. Build a Strategic roadmap
  • Roadmap to build measures to Focus on strategy
  • Improve organizational performance. Performance management measures
  • Align operations with strategy and your strategic roadmap
  • Improve communication of Vision and Strategy
  • Help Prioritize your strategic initiatives
Does this sound like what you need? Contact Us!

Business Workflow Automation Assessment

Why You Need This Assessment

As leaders are you aware of redundancy of processes in your organization? These processes cost human resources, time, and most importantly efficiency and effectiveness of your operations.

How We Help

Our assessment helps you identify these redundancies, gaps and help streamline a r roadmap of reengineering your business processes. The assessment is the first step in then identifying what are the things that can and need to be automated and what are things that shouldn’t be automated. As the pressure grows for your enterprise, shared service centers, and departments/areas to align with centers of excellence you want automation but evaluate first whether or not every process is right for automation.

Does this sound like what you need? Contact Us!

Financial Management Assessment

Financial management is one of the most critical aspects of an organization. Managing your finances, accounting and compliance during tax time with correct organizational filings for your enterprise and the personnel is critical.

C’S|3 financial assessment takes you through a series of questions to evaluate your current requirements, validate your accounting and financial practices, and help you with ideas for optimizing your accounting workflows and possibly even automate some accounting processes based on your business transactions and operational needs.

A financial statement audit is an engagement performed by an independent Certified Public Accountant to provide assurance that your financial statements are reported in accordance with accounting principles generally accepted in the U.S. C’S|3 certified public accountants, provide audited financial statements to businesses, nonprofit organizations and government agencies. Each audit is customized to meet the needs of the organization. However, the overall approach to every audit is the same.

  • Engagement Acceptance: The American Institute of CPAs recommends that an auditor evaluate the risks associated with each engagement. Therefore, a C’S|3 consulting auditor inquires about any special circumstances, the integrity of management, and pending lawsuits before performing a basic assessment or a full-fledged audit based on the nature of engagement. During this phase, C’S|3 auditors will also evaluate the staffing needed to complete the engagement and determine that each accounting auditor staff member is able to maintain an independent viewpoint while performing the engagement. Once C’S|3 The auditor decides to accept the engagement, an engagement letter is prepared that details the timing, responsibility, and cost of the audit.
  • Planning: C’S|3 Auditing standards require that an auditor prepare adequate planning for an engagement. The amount of audit planning needed is in direct relation to the size and complexity of your organization. C’S|3 Audit planning involves obtaining an understanding of the organization’s business and industry, performing trend and ratio analysis, documenting your entity’s process of internal control, and assessing the risks of misstatements in s financial statements. C’S|3 auditor utilizes the results of the planning process to determine the timing and extent of audit testing.
  • Audit Tests: During the fieldwork process, C’S| audit consultants spend time with your organization’s offices and perform tests of financial data. For instance, a CPA selects a random sample of hundred disbursements to ensure checks are payable to the correct vendor and are written for the correct amount. In addition, your engaged C’S|3 auditor reviews the invoices associated with the disbursement to ensure the expenses are classified correctly and that the vendor actually exists. Depending on the results of the planning process, the auditor performs a variety of tests on financial statement accounts.
  • Account Analysis: During the account analysis process, the C’S|3 auditor ensures that financial statement account balances are supported by underlying documentation and analysis. A C’S|3 CPA evaluates the results of tests and reviews management’s responses, as well as the accounting team’s responses to inquiries and records the audit-adjusting journal entries. A C’S|3 auditor also documents reasons for large changes in accounts from year to year and performs any necessary research after approvals from your leadership regarding requirements under generally accepted accounting principles.
  • Reporting: C’S|3 CPAs will issue an opinion on audited financial statements as to whether the financial statements are presented in accordance with accounting principles generally accepted in the U.S. The opinion is issued on the Independent Auditor’s Report. Furthermore, the C’S|3 Auditors may also draft the basic financial statements and the accompanying notes for the organization’s management. The C’S|3 auditor also issues a report on any weaknesses found in the entity’s internal control process. C’S|3 auditors will also connect you with our accounting platform experts to guide you to a low-cost accounting system that will optimize your insights to your business, financial statements, and reporting requirements.
  • Summation: C’S|3 auditors are required to retain, secure, accurate proper documentation regarding the audit. The final step is ensured by obtaining signatures from management regarding management’s responsibility for the information reported in the financial statements. The information is retained by the CPA’s shared with your organizational financial and accounting leadership and your seasoned auditing/accounting firm should lawsuits occur regarding reported amounts and for a future account analysis.
Does this sound like what you need? Contact Us!

Organizational Cultural Assessment

Why do organizations invest in organizational culture? Culture influences organizational performance, innovation, agility, engagement, and competitiveness. Research shows that a toxic culture decreases productivity with 40%, while an effective culture increases productivity with 20%, and a positive culture even with 30-40%.

Use the OCAI tool on this website to assess the culture and start the process to develop organizational culture.

“Millions of people work in global settings while viewing everything from their own cultural perspectives and assuming that all differences, controversy, and misunderstanding are rooted in personality. This is not due to laziness. Many well-intentioned people don’t educate themselves about cultural differences because they believe that if they focus on individual differences, that will be enough.”
– Erin Meyer, The Culture Map: Breaking Through the Invisible Boundaries of Global Business

The Organizational Culture Assessment Instrument (OCAI, ©Kim Cameron) is a validated tool for assessing organizational culture, developed by Robert Quinn and Kim Cameron at the University of Michigan. It is based on the Competing Values Framework: one of the most used and useful frameworks in business (over 10,000 companies in 30 years). The online OCAI takes about 15 minutes.

We also use Organizational cultural inventory, Organizational effectiveness inventory, and also assess customer satisfaction styles for your organization.

The Benefits For Your Organization

Apply the OCI in your organization and you will provide members at all levels with an understanding of how they are currently expected to approach their work and interact with one another- and how the existing norms either support or interfere with problem solving and task performance. You will also empower them to create a vision of the ideal culture in terms of the behaviors that would enable them and the organization to execute strategic initiatives, achieve goals, and attain the mission. The OCI provides leaders and members with the data they need and a language for conversations about where they are now, where they want to be, and how they are going to get there.

The OCI is invaluable for:

  • Signaling and/or validating the need for cultural transformation
  • Supporting programs to enhance strategy implementation, employee engagement and inclusion, quality and reliability, and/or customer service
  • Gauging and improving organizational readiness for culture change
  • Addressing barriers to (and enablers of) agility, adaptability, and innovation
  • Facilitating mergers, acquisitions, and strategic alliances
  • Evaluating the impact of change efforts using the culture assessment again and again to measure progress and identify what’s working and what is not
  • Help Prioritize your strategic initiatives

The OCI can be facilitated by C’S|3 accredited consultants to work with you to build a custom development program for your organization or the organizations you support.

Does this sound like what you need? Contact Us!

Knowledge Management Assessment

C’S|3 Knowledge Management Audit helps analyze your current knowledge management practices, knowledge preservation in case key personnel/critical function jobs and identifying the gaps and risks for your business continuity and risk management.

C’S|3 Knowledge Management Audit will help your organization design or enhance your current plan to retain your human resource and inventory & document their skill sets, identify key business process documentations. Design and preserve the historical, current as well as position your future knowledge database for growth and continuity of your organization. C’S|3 knowledge management audit will also help you implement a system to create a single source of truth that everyone in the company will have access to, no matter where they’re working on.

Create a culture of sharing knowledge in your organization

Organizational Effectiveness Inventory

A research-based alternative to employee engagement and opinion surveys, the Organizational Effectiveness Inventory is appropriate for data-based change programs designed to promote not only employee engagement, but organizational effectiveness as well. The OEI assesses 32 levers for cultural change as well as 12 outcomes of culture.

C’S|3 Organizational Effectiveness Inventory Assessment coming soon

Organizational Risk Management Audit

C’S|3 comprehensive organizational risk management audit is 4-6 month engagement that includes all our assessments used to bring you a detailed report of risks on all parts of your enterprise ranging from Governance, Compliance, Legal, Human Resources, Technology, Facilities, Financial, Brand/Communication, IP, DR/BC, Vendor and organizational implementing or planning Change management processes. C’S|3 comprehensive risk management roadmap helps your key leadership to map out strategic risk management on one year, three year and five year roadmap.

C’S|3 Consultants use different frameworks like FISMA, COSA and ISO 31000 frameworks.

A risk management framework (RMF) is the structured process used to identify potential threats to an organization and to define the strategy for eliminating or minimizing the impact of these risks, as well as the mechanisms to effectively monitor and evaluate this strategy.

Risk Management Framework (RMF) Overview

If organizations decide to take the FISMA approach, they select and specify various security controls for their systems. This is done as a part of an enterprise-wide information security program. The FISMA approach includes management of risks faced by the organization as a whole and the individuals involved with all operational processes.

The FISMA approach gives an effective framework to select security controls in a system that are necessary to protect operations, individuals, and the assets of an organization.

Risk-Based Approach

The FISMA risk management framework is a process for companies that combines risk management activities and security into the system’s lifespan. This approach takes effectiveness into account as well as efficiency and constraints that an organization faces due to laws, orders, policies, regulations, and more.

The following are activities that come with the FISMA risk management approach:

  • Prepare Step: This step includes taking care of all essential activities in an organization, the mission of the business and its processes along with all the information system levels of the company.
  • Categorize Step: Here the information is processed, stored, and transmitted based on impact analysis.
  • Select Step: Here the security controls are selected tailored to the company. They supplement the existing security controls when needed based on the company’s risk assessment.
  • Implementation Step: Here security controls are implemented and the process is documented based on how it works within the organization.
  • Assess Step: This step involves the assessment of security controls using predefined procedures so that the company can know whether or not the controls have been implemented correctly.
  • Authorize Step: This step is based on the risk to the operations and assets resulting from the risk management system to determine which risks are acceptable and which are not.
  • Monitor Step: The monitoring step is an ongoing process that assesses the effectiveness of the controls and documents the changes that have been made to the risk management system.

Organizations have come to realize that enterprise risk management is an ongoing and iterative process. Developing and implementing a strategy just once is not enough anymore. The risks to any company continue to evolve based on many changes in technology, the physical and economic climate, and more. This is why companies always need to be prepared to handle any risks that may come.

The three risk management frameworks are the most widely used ones by companies across the world. To implement these strategies, monitor them, and improve upon them regularly requires some amount of expertise.

Does this sound like what you need? Contact Us!

Technology / Security Assessments & Audits

Identity Management Assessment & Audit

C’S|3 Identity Access and Policy Management (IAM/IDP) Assessment helps you identify how secure your people’s identities are through your current systems like Active Directory or identity management solutions in place. This assessment unbiasedly checks the strengths and weaknesses of your current solutions, the technologies, and current gpas in them while reviewing the access management policies of your organizational digital assets. These will include all your internal and external stakeholders who are connected with you at different levels and distances of engagements.

  • Protect Your Business: Ensure that the right people have the right access and discreetly verify user identities when they log in and throughout the session. By using artificial intelligence (AI) to make smarter, better-informed decisions to modify users’ access, you will uncover outliers and toxic combinations of entitlements.
  • Enable Digital Transformation: Quickly enable access to resources and applications, whether in the cloud, on premises, or in a hybrid cloud. Whether you are providing access to enterprise users, privileged administrators or consumers, you will be able to offer the seamless experience your users expect.
  • Establish Compliance: Regulations come and go. It was SOX yesterday, GDPR and PSD2 today, and it will be something else tomorrow. Centrally manage access certifications, on- and off-boarding, and separation of duties violations, so you are prepared to meet new regulations when they arise.

Identity Access Management (IAM) Solutions

  • Privileged access management: Protect and manage access to privileged accounts in your organization with enterprise-grade password security and privileged access management. Easily discover, secure and manage privileged account passwords to protect from abuse and misuse.
  • Access Management: Make logging in easier for users and secure for your organization with single sign-on and risk-based multifactor authentication. With new adaptive access controls, tap into the industry’s deepest risk insights for smarter authentication, powered by AI.
  • Identity Governance and Intelligence: Confidently and securely grant access rights and entitlements within your organization. Provision, audit and report on user access and activity. Improve visibility into the way access is being used, prioritize compliance actions with risk-based insights, and make better decisions with actionable intelligence.
Does this sound like what you need? Contact Us!

Business Continuity / Disaster Recovery Strategy Assessment & Audit

We all know we should backup the company data. However, with the demands of business today this crucial process can be neglected. When was the last time that you did a test restore? Do you have a written strategy to follow when disaster strikes? Are there protections in place to protect from Ransomware? Do you know what your Recovery Point Objective (RPO) is? How about your Recovery Time Objective (RTO)?

Disaster Recovery (DR) and Business Continuity (BC) are closely related practices that support an organization’s ability to remain operational after an adverse event. The best strategy is readiness, preparedness, and planned response when these adverse situations occur.

In our DR / BC assessment, our professionals evaluate the strategy and processes with which you are protecting the data your business or organization depends on. Our approach gives organizations the key inputs and intelligence in terms of planning and preparing for scenarios of disaster that can range from natural disasters to known and unknown threats scenarios that undermine the continuing operations of your business and mission-critical applications.

Deliverables from the assessment will provide you with recommendations and steps to take to ensure that you are prepared to minimize the risk to your organization from the impact of a hacker, insider threat, or just plain old hardware failure.

Learn more about our features

Technology Risk Management Comprehensive Audit

Technology is an important strategic component of a business. Innovation in business practices without leveraging technology will isolate and can make an organization obsolete in the digital world. Technology however brings a lot of risks that have to be managed and mitigated in a timely manner. These risks can be at various levels ranging from cybersecurity risks affecting your infrastructure, information systems that include your apps, software and database systems, identities, and ultimately your people.

With completion of the C’S|3 Technology Risk Management audit, C’S|3 Cybersecurity Consultants provide you a comprehensive audit that will involve:

  • All layers of infrastructure (networks, endpoints, firewalls)
  • Storage and backup layers
  • Digital media
  • Business processes
  • Compliance requirements

In addition, C’S|3 Cybersecurity Consultants will evaluate your strengths, weaknesses, and gaps to create a roadmap for your organization to manage and mitigate these risks. C’S|3 Cybersecurity Consultants will do an evaluation of your current IT controls, IT policies and procedures, formulate a vendor management and selection process, and also provide you a BC audit from a technology perspective.

This audit also can be narrowed down to IT Network Assessment and Monitoring Audit and Pen Testing Services.

Learn more about our features

Compliance Assessments & Audits

PCI Assessment & Ongoing PCI Audit Management

C’S|3 Consultancy helps organizations become PCI compliant if they are processing any type of payments online or through terminals or using third party service providers for the ecommerce services or collecting financial gifts funding/donation based organizations.

What is PCI?

PCI is a risk-based security framework and the production of a Risk Analysis is one of primary requirements for PCI compliance. In fact, a Risk Analysis is the foundation for the entire security program. It identifies the locations of electronic stores of, and/or the transmission of Cardholder Data, vulnerabilities to the security of the data, and threats that might act on the vulnerabilities, and estimates both the likelihood and the impact of a threat acting on a vulnerability.

How does C’S|3 help?

The Risk Analysis Assessment helps Card Processing Merchants and their 3rd party Service Providers to identify the component of the Cardholder Data Environment (CDE), how the data moves within, and throughout the organization. It identifies what protections are in place and where there is a need for more. The Risk Analysis Assessment results in a list of items that must be remediated to ensure the security and confidentiality of Cardholder Data at rest and/or during its transmission. The Risk Analysis must be run or updated at least annually, more often if anything significant changes that could affect one or more system components in the CDE itself.

PCI Assessment Process

C'S|3 PCI Assessment Process - Gap Analysis (Steps 1-3)

C’S|3 Cybersecurity Consultants will perform a gap analysis and perform the required testing to be able to inform the client of the controls that need remediation to achieve PCI compliance. The assessment will include a review of the cardholder production network (including vulnerability and penetration testing) and supporting technical documentation. The assessment process may include interviews with company personnel to determine what PCI requirements are in place and where remediation is required.

The first phase of the project will involve reviewing and validating the current cardholder network environment, policies and procedures against the PCI Data Security Standard (DSS). The methodology for validation will include:

  • Review of current cardholder environment technology and security features
  • Mapping touch points to the corporate network
  • Examining access points and network components for security shortcomings from a PCI perspective
  • Verification that current documented controls meet the specific PCI DSS requirements
  • Scans and penetration tests to validate that the client has attained an appropriate level of security

For this phase, C’S|3 Consultants consultants will require the following documentation from the client

  • Current network diagrams of the appropriate environments with respect to cardholder data
  • Firewall/router configuration details
  • Data retention and disposal procedures
  • Policy and Procedures for physical security
  • Encryption Key Management Policy
  • Incident Response Policy
  • Password Policy
  • Change Control Policy
  • Build/Patch Policy
  • Internal Security Testing Procedures

C’S|3 Consultants will provide standard templates for the above mentioned policies and procedures, if so desired by the client.

C'S|3 PCI Assessment Process - Remediation Plan and Support (Steps 4-5)

C’S|3 Cybersecurity Consultants will keep a track of all remediation efforts and provide monthly status report to the client for the remediation steps. During this time, the client is expected to implement PCI controls and inform C’S|3 Cybersecurity Consultants continuously of all remediation measures.

C'S|3 PCI Assessment Process - Certification (Steps 6-9)

C’S|3 Cybersecurity Consultants will, as required for the project, deploy a PCI audit team of Qualified Security Assessors (QSAs) to carry out an on-site portion of the PCI DSS assessment. After completion of our internal quality assurance procedures, the client will be issued a Report on Compliance (ROC) and appropriate certification documentation will be submitted to various credit card brands. PCI DSS certification requirements are dependent on the level of the service providers as determined by their acquirer or the payment brands and is summarized below. Merchants and Services providers should contact their acquirer or the payment brands to identify their specific validation and reporting requirements.

  • Merchant Level 1:
  • Merchant Level 2: PCI Assessment Type: Annual Onsite Assessment. Reporting: ROC and Quarterly ASV Scan.
  • Merchant Levels 3 & 4: PCI Assessment Type: Annual Self-Assessment. Reporting: SAQ and Quarterly ASV Scan. Payment Brand or Acquirer Defines What is Required
Does this sound like what you need? Contact Us!

HIPAA Compliance Assessment / HIPAA Compliance Management

Any organization that handles PHI (Protected Health Information) is required by law to satisfy all requirements for HIPAA compliance-contrary to the common misunderstanding that a security risk assessment alone satisfies HIPAA regulatory requirements. According to HHS, 70% of the health care market is not HIPAA compliant, while CMS states that 79% of Meaningful Use audits result in failure. The two biggest factors of this widespread non-compliance are: incomplete risk assessments and a lack of understanding between the differences in HIPAA compliance and Security. With massive breaches, OCR investigations, and required annual security risk assessments, Covered Entities are looking to their Managed Service Providers for a MSP software training solution.

C’S|3 Consultants help with HIPAA compliance for benefits providers, healthcare companies and organizations that store, process any health related data on their constituents.

The Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA, is a series of regulatory standards that outline the lawful use and disclosure of protected health information (PHI). HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).

  • HIPAA Privacy Rule: The HIPAA Privacy Rule sets national standards for patients' rights to PHI. The HIPAA Privacy Rule only applies to covered entities, not business associates. Some of the standards outlined by the HIPAA Privacy Rule include: patients' rights to access PHI, health care providers' rights to deny access to PHI, the contents of Use and Disclosure forms and Notices of Privacy Practices, and more. The regulatory standards must be documented in the organization's HIPAA Policies and Procedures. All employees must be trained on these Policies and Procedures annually, with documented attestation.
  • HIPAA Security Rule: The HIPAA Security Rule sets national standards for the secure maintenance, transmission, and handling of ePHI. The HIPAA Security Rule applies to both covered entities and business associates because of the potential sharing of ePHI. The Security Rule outlines standards for the integrity and safety of ePHI, including physical, administrative, and technical safeguards that must be in place in any health care organization. Specifics of the regulation must be documented in the organization's HIPAA Policies and Procedures. Staff must be trained on these Policies and Procedures annually, with documented attestation.
  • HIPAA Breach Notification Rule: The HIPAA Breach Notification Rule is a set of standards that covered entities and business associates must follow in the event of a data breach containing PHI or ePHI. The Rule differentiates between two kinds of breaches depending on the scope and size, called Minor Breaches and Meaningful Breaches. Organizations are required to report all breaches, regardless of size to HHS OCR, but the specific protocols for reporting change depending on the type of breach. The specifics of the HIPAA Breach Notification Rule are outlined in the sections below.
  • HIPAA Omnibus Rule: The HIPAA Omnibus Rule is an addendum to HIPAA regulation that was enacted in order to apply HIPAA to business associates, in addition to covered entities. The HIPAA Omnibus Rule mandates that business associates must be HIPAA compliant, and also outlines the rules surrounding Business Associate Agreements (BAAs). Business Associate Agreements are contracts that must be executed between a covered entity and business associate (or between two business associates) before ANY PHI or ePHI can be transferred or shared. The details regarding BAAs are outlined in more depth in the sections below.
  • HIPAA Compliance: The OCR’s role in maintaining medical HIPAA compliance comes in the form of routine guidance on new issues affecting health care and in investigating common HIPAA violations. Through a series of interlocking regulatory rules, HIPAA compliance is a living culture that health care organizations must implement into their business in order to protect the privacy, security, and integrity of protected health information. Learn more about how to become HIPAA compliant with Compliancy Group’s software solutions.
  • What is Protected Health Information? Protected health information (PHI) is any demographic information that can be used to identify a patient or client of a HIPAA-beholden entity. Common examples of PHI include names, addresses, phone numbers, Social Security numbers, medical records, financial information, and full facial photos to name a few. PHI transmitted, stored, or accessed electronically also falls under HIPAA regulatory standards and is known as electronic protected health information, or ePHI. ePHI is regulated by the HIPAA Security Rule, which was an addendum to HIPAA regulation enacted to account for changes in medical technology.
  • Who needs to be HIPAA Compliant? HIPAA regulation identifies two types of organizations that must be HIPAA compliant.
    Covered Entities: A covered entity is defined by HIPAA regulation as any organization that collects, creates, or transmits PHI electronically. Health care organizations that are considered covered entities include health care providers, health care clearinghouses, and health insurance providers.
    Business Associates: A business associate is defined by HIPAA regulation as any organization that encounters PHI in any way over the course of work that it has been contracted to perform on behalf of a covered entity. There are many, many examples of business associates because of the wide scope of service providers that may handle, transmit, or process PHI. Common examples of business associates affected by HIPAA rules include: billing companies, practice management firms, third-party consultants, EHR platforms, MSPs, IT providers, faxing companies, shredding companies, physical storage providers, cloud storage providers, email hosting services, attorneys, accountants, and many more.
  • What are the HIPAA Rules? HIPAA regulation is made up of a number of different HIPAA Rules. The HIPAA Rules were all passed in the 20+ years that have come and gone since HIPAA was first enacted in 1996.
Does this sound like what you need? Contact Us!

GDPR Assessment & Ongoing GDPR Audit

General Data Protection Regulation

GDPR - Gap Analysis (Step 1)

The GAP Analysis highlights the areas of potential risk and non-conformance with GDPR, and is conducted by our team of GDPR-qualified consultants, infosecurity specialists and technology experts. It analyses the business’ maturity in eight key areas:

  • GDPR governance and accountability
  • Data privacy risk management
  • Organization’s understanding of the scope of GDPR
  • Personal information management
  • Security management
  • Third party management
  • Incident management
  • Protection of data subjects’ rights under GDPR

GDPR - Alignment (Step 2)

C’S|3 will then build a plan for remedying the shortfalls identified in the GAP Analysis, with a view to securing ongoing adherence. The goal is to reduce your operational risk and be able to demonstrate adherence to the Regulation. These plans are created specifically for every client, and can include areas such as:

  • Prioritization of the areas of most risk
  • Data Protection Officer / EU Representative Considerations
  • Process assessment and remedy
  • Technology & infrastructure alignment

C’S|3 Consultants will advise, lead and consult on the various areas of necessary improvement, and manage their overall delivery. We then demonstrate your alignment project provides your business with value by updating your original GAP Analysis to clearly identify the areas of improvement.

GDPR - Assurance (Step 3)

Ongoing GDPR consultancy and advisory services to help your organization maintain its continuous adherence, and to help you adapt to inevitable changes in how the business sources and uses data.

  • Reviewing and advising on privacy policies, procedures and documentation
  • Advising on data protection impact assessments (DPIA), their implementation and outcomes
  • Ongoing monitoring of adherence to the Regulation, supported by dashboard reporting
  • Supporting your interactions with data subjects and Supervisory Authorities
  • Data protection and information security consultancy
  • Serving as your EU Representative should you prefer or need to appoint externally

Note: If your business is mandated to have a Data Protection Officer, for example if you are a public authority or are processing personal data at large scale, we can act as your Data Protection Officer and provide additional, specific support.

Does this sound like what you need? Contact Us!

CCPA Assessment & Ongoing CCPA Audit

California Consumer Protection Act

With the CCPA amendments signed into law, privacy experts are discussing what this means for businesses and the industry as we move forward into 2020. From tech giants to small businesses, the CCPA is making everyone fall in line. The final amendments now provide organizations a guideline for what they must do to fully meet CCPA compliance.

The CCPA requirements for business include:

  • Businesses should specifically and clearly inform consumers about how they collect and use personal information and how they can exercise their rights and choices, and businesses should not collect the personal information of children without consent.
  • Businesses should only collect consumers’ personal information for specific, explicit, and legitimate purposes, and should not further collect, use, or disclose consumers’ personal information for reasons incompatible with those purposes.
  • Businesses should collect consumers’ personal information only to the extent that it is relevant and limited to what is necessary in relation to the purposes for which it is being collected, used, and shared.
  • Businesses should provide consumers or their authorized agents with easily accessible self-serve tools that allow consumers to obtain their personal information, delete it, or correct it, and to opt-out of the sale of their personal information, including for cross-context behavioral advertising, and the use of their sensitive personal information for advertising and marketing.
  • Businesses should not penalize consumers for exercising these rights.
  • Businesses that use consumers’ personal information to advance their own political purposes should disclose that fact.
  • Businesses should take appropriate precautions to protect consumers’ personal information from a security breach.
  • Businesses should be held accountable when they violate consumers’ privacy rights, and the penalties should be higher when the violation affects children.

The companies that are preparing for these requirements may have already had a taste of global regulations and increasing data misuse and the reputational damage that can come with it. Instead of seeing the CCPA as a final destination for their privacy program, organizations are taking advantage of the recent CCPA changes to step up their continuing privacy program efforts. As companies prepare for the CCPA, it is essential to remember that a privacy program will need to adapt and change according to, not only privacy law but the needs of the company as well. Regardless of where you are with your privacy program, it is never too late to start planning for your CCPA compliance readiness.

C’S|3 CCPA Assessment is a full set of scalable privacy management software solutions and services specifically designed to implement CCPA requirements and workflows to support a global privacy program.

Does this sound like what you need? Contact Us!

Marketing / Brand Management Assessments & Audits

Customer Service Styles Assessment

Customer Service Styles provides deep insights into the factors explaining the quality of service provided to internal or external clients by assessing service styles – that is, how service providers approach their work and interact with customers.

C’S|3 version to come in the future

Marketing Management & Communication / Branding Audit

C’S|3 version to come in the future

Human Resources / Leadership Assessments & Audits

Leadership Impact Assessments

The Leadership Impact assessment is a comprehensive assessment that provides leaders with targeted feedback on their leadership strategies and impact on others, and thus, the culture they create.

Who is this for?

This assessment is ideal for executives, key-level managers, and others in strategic leadership positions.a(href='/contact.html').fw-medium.text-primary

Does this sound like what you need? Contact Us!

Manager Impact Assessment

The Manager Impact Assessment is a comprehensive assessment that provides managers with insights into how they carry out their roles and responsibilities and the impact they have on people around them.

Who is this for?

This assessment is designed for managers, project managers, supervisors, and others who have management responsibilities.

Does this sound like what you need? Contact Us!

Management Effectiveness Profile System

The Management Effectiveness Profile System (MEPS) provides managers with confidential and in-depth feedback, promotes self-awareness, and facilitates the development of key skills.

Who is this for?

MEPS is appropriate for lower-middle to upper-level managers.

Does this sound like what you need? Contact Us!

Acumen Leadership Workstyles: Individuals

ACUMEN Leadership WorkStyles helps self-motivated leaders strengthen the thinking and behavioral styles that promote their effectiveness.

Who is this for?

This assessment is ideal for executives, managers, and leaders who would like to develop and grow to realize their full potential.

Does this sound like what you need? Contact Us!

Comprehensive HR Audit Assessment


C’S|3 Human Resource Management audits can help identify whether your HR department’s practice areas, policies and processes are adequate, legal and effective. Our comprehensive audit will help you show the gaps with the time tested results with our tools and instruments. They are at your disposal online as well as by engaging a C’S|3 HR Consulting expert. Our analysis will help you identify gaps in HR practices, and help your HR leadership in coordinating with your senior leadership prioritize bridging these gaps in an effort to minimize lawsuits or regulatory violations, as well as to achieve and maintain world-class competitiveness in key HR practice areas. Our roadmap will also help you to implement measures/metrics in HR as well as go the next level of impact based HR that cares for human resources and making your workplaces the best places for your employees to belong.


Human resource audits are a vital means of avoiding legal and regulatory liability that may arise from an organization’s HR policies and practices. In addition to identifying areas of legal risk, audits are often designed to provide a company with information about the competitiveness of its HR strategies by looking at the best practices of other employers in their industry space. In essence, an HR audit involves identifying issues and finding solutions to problems before they become unmanageable. It is an opportunity to assess what your organization is doing right, as well as how things might be done differently, more efficiently or at a reduced cost.

In today’s competitive climate, organizations operate within the confines of a heavily regulated employee environment. This challenge includes dealing with myriad complex laws and regulations. The scope of the HR function includes establishing and administering a host of policies and practices- many of which involve compliance implications- that significantly influence the productivity and profitability of the enterprise.

Given that many HR departments are both understaffed and overworked, only in retrospect do many organizations become aware of the monetary costs of ignoring HR-related legal hot buttons. Noncompliance with applicable laws and regulations involves significant financial risk. To minimize the risk, many organizations purchase employment practices liability insurance. Though this is a sound strategy, organizations can take other proactive measures. Chief among these is a voluntary HR compliance audit.

Does this sound like what you need? Contact Us!

Relational Intelligence Assessments For Leaders & Teams

Self awareness is important for leaders and team members at all levels. C’S|3 relational intelligence assessment uses popular strengths awareness assessments like Myers Briggs, SDI, DISC, RoundPeg.

The 2-Part Power of Assessments

The power of any assessment lies in two parts:

  • What the results tell you about yourself or your people
  • How you use those results to take action
What the results tell you

Assessment results come in two different flavors and it’s important to know the difference so that you can make the most of what your results tell you. In the assessment community, results are categorized as either “state” or “trait.”


Is the assessment giving you info about your team’s present state of mind? These types of assessments tend to surface things like mood, sentiment, current levels of engagement and other fluid emotions and feelings that are not indicative of predicting behavior or needs.


Assessments that reveal information about traits tell you about less fluid aspects of your people. These assessments give you information about the skills, competencies and strengths of your people. By teaching you to see your and your people’s top traits you can approach your team most effectively.

How you use those results to take action

It’s all about how you use the information the assessments reveal to align your action strategy and tactics to what you know about your people.

For example, if assessment results tell you that your people value rewarding team success and cooperation, you’ll want to make sure that you build that sort of mentality into your strategy. If they reveal that some people prefer to reward competition and individual success you will want to know that too, for it may not align to the team.

Picking the Assessment that's best for you

We put this list together so you can know what each is about and match yourself or your team to the assessment that makes the most sense for you. You’ll find out:

  • Who is this for
  • What the results look like
  • Cost/How to order
  • What you can do with the results
Interested in taking any of these Assessments? Contact Us Today

Legal Assessment Review of Contracts & Risk Management

Contract review is a thinking process-a rational analysis. This process includes: clarifying of contract related facts, measure of the feasibility of contract, and forecast of contract risks

The relationship between contract review and risk management

Contract review is a thinking process-a rational analysis for contract. This process includes: clarifying of contract related facts, measure of the feasibility of contract, and forecast of contract risks. Risk control is to predict and avoid contract-related risks in order to minimize the risks of our business, financial capital, as well as legal risk, in short, is a process to prevent a damage that may occur. Contract review and control of legal risk show the relationships between means and purpose, as well as form and substance. The process of contract review is the process for controlling risk; Contract review aims at controlling risk. As a result, the essences of these two issues we are talking about are inseparable and complementary, or even in some way the same.

The significance of the contract review and classification

1. The meaning of contract review

The significance of contract review depends primarily on the meaning of contract. Contract plays a crucial role on management, operations, business activities of enterprises, being the key for foreign economic activity, and deeply impacts on and decides the legitimate rights and interests of enterprises. Therefore, we must take contract review very serious.

2. Classification of Contract Review

  • Prior Review and Post Review
  • Operation Review and Legal Review
  • Formal Review and Substantive Review

How to review a contract (e.g. Lease Contract)

1. Formal Review

  • Review of the subject matter
  • Review of general information
  • Review of qualification
  • Review of credibility and contractual capacity

2. Substantive Review

Contract is made of various provisions. Any rights and obligations of both parties come out of the provisions by each piece of term. Therefore, we conclude that all the provision review plays the decisive role.

Contact Us Today

Ready to invest into your leadership?

Please contact us today!