Security Assessment

Securing company information is an ongoing concern for stakeholders that need to comply with numerous data security laws, policy and audit procedures. As more and more businesses are being affected by security breaches and undetected vulnerabilities, business decision-makers are realizing that the lack of an information security review to alleviate their security deficiencies can be very costly. CANDA Solutions provides an independent, non-biased approach to mitigate the potential risk and liability of an organization’s technology infrastructure and business process.

Information Security is much more than the latest technology, hot fix or virus patch. It encompasses all elements of a company’s complex business environment. With legislation such as HIPAA, GLBA, Sarbanes-Oxley and the California Privacy Law (SB1386) requiring higher standards of risk governance, privacy accounting, security operations and policies must now align with larger business objectives and corporate strategy.

CANDA Solutions provides the depth of analysis necessary to ensure your intellectual property and IT assets are protected from external and internal vulnerabilities and recommends risk mitigation strategies where appropriate.

Credentialing and Accreditation (C&A)

Our Rapid C & A Methodology, honed within DHS, provides you with repeatable and demonstrable value on day one. Certified Staff Supporting our Program Managers (PM) is a breadth of company resources that include certified professionals totaling decades of experience in the areas of DHS systems and the C & A process. Many of our PMs and staff members are certified PMPs’, CISSPs’ and CAPs’ with comprehensive understanding of the process and the ability to support your C & A project.


Our C & A team begins with the submission of a detailed project plan. The project plan defines our methodology, resource assignments, and timeline for completing the tasks. Our customized C & A approved templates are key to the process. These templates have been created and refined while performing C & A on over 15 systems.


A “kick-off” meeting establishes the initial communications channels and is used to identify team members, roles and responsibilities, system access requirements, and reviews the project plan. This meeting ensures that team members are equipped with the resources needed to begin the process.

Data Collection

Our approach uses a comprehensive set of discovery processes, which follow the guidelines identified by NIST and includes interviewing personnel, personnel shadowing, and process / data sampling.

Compliance Verification

Verification of compliance is determined by comparing the appropriate artifacts against the applicable regulatory guidelines.


Data collection and compliance verification processes will result in the creation of the C & A documents, which can then be submitted to the Designated Approving Authority (DAA) for approval.

Return to Top

Copyright CANDA Solutions, LLC © 2008 - 2018