IT security governance

Evaluation and recommendations for better management of risks, compliance and governance

Risk Management and Compliance Services helps you evaluate your existing security practices—including payment card industry (PCI) security, identity and IT regulatory compliance needs and gaps—against your business requirements and objectives. Our skilled security specialists provide recommendations to help you make more informed decisions about allocating your resources to better manage security risks and compliance. We can deliver a wide range of capabilities—from security program development, to regulatory and standards compliance, to security education and training.

We provide a broad range of security expertise through a variety of methods such as security consultants, managed security services, cloud-based security services and physical security services. Our offerings are designed to provide you with an objective evaluation of your security controls, mechanisms and goals based on best practices. In addition, we help you develop an actionable plan for optimizing IT resources and better managing compliance.

What we offer


Federal Information Security Management Act (FISMA) Compliance

Helps Federal agencies evaluate their security posture against published requirements and best practices


Gramm-Leach-Bliley Act compliance solution

Helps your financial institution achieve security best practices


Health Insurance Portability and Accountability Act (HIPAA) compliance solution

Our five-step process helps you achieve compliance by examining your complete security management lifecycle

Information Security Framework

Helps build the foundation for a more effective, enterprise-wide security program by assessing and enhancing your security capabilities.


North American Electric Reliability Corporation (NERC) - Critical Infrastructure Protection (CIP) Cyber Security Standards

Our expert security consultants review every element of your NERC-CIP compliance, including: policies, procedures, configuration management, certification and accreditation, remediation plans, and security awareness training

PCI security

Can help you assess compliance and meet all 12 requirements of the PCI security standard

Security Program Design and Management

Helps you design an effective IT security plan tailored to your organization’s unique needs.

Security Risk Management

Identifies areas of potential risk and designs a solution that balances your risk mitigation requirements against your organization’s acceptable level of assumed risk.

Related materials

Find studies, papers and briefs on this topic

Fortifying for the Future

Insights from the 2014 IBM CISO Assessment

2014 Cost of Data Breach Study

Industry-leading benchmarks from Ponemon Institute, sponsored by IBM.

Get the latest reports

  • Building a Security Operations Center

    Learn how to optimize your security intelligence to better safeguard your business from threats

  • Security incident response plan that actually works

    Top ten mistakes which security organizations make with their Computer Security Incident Response Plans.

  • Q4 2014 X-Force report

    Learn about how the Internet of Things is bringing new opportunities and new threats
