Federal, state, local, and international regulations create unique demands for industries including financial services, health care, and energy. NMI's compliance solutions ensure that your organization is compliant with applicable laws, regulations, and standards, and that your personnel are aware of their duties within your compliance program.

Internal & External Audit
NMI usually provides direct support to the internal audit & compliance functions within your organization. NMI supplements internal audit and compliance capabilities and acts as a force multiplier for internal audit and compliance efforts.

NMI functions as an external auditing firm with respect to security testing and information technology audits. NMI does not perform financial audits or other audits outside the scope of SGRC. NMI is frequently retained by external audit firms to perform security testing and IT audits.

Take the SGRC Quiz!
Take the SGRC quiz by choosing any of the five SGRC animals:

  • Ostrich
  • Sloth
  • Tortoise
  • Wolverine
  • Dragon

The SGRC quiz is part of The Martial Art of Security, Governance, Risk Management, and Compliance, a training program and approach to SGRC developed by NMI founder Andrew T. Robinson.

The SGRC quiz does not collect any personally identifiable information.

NMI LLC — Compliance Services

For over 20 years, NMI has created industry-leading solutions to the most difficult problems of security, governance, risk management, and compliance.

Compliance Program Development

NMI's RAPID process is the basis for all NMI's compliance services. RAPID expedites the creation and adaptation of your compliance program, and ensures that you meet or exceed all compliance requirements over time.

The NMI Difference

  • Expertise (at least 50 years of combined SGRC experience)
  • Shortest time to create or update a compliance program
  • Ongoing compliance & compliance decision support

Initiation Phase

If you have an existing, documented compliance program, the initiation phase will integrate it with the RAPID model. If you don't have an existing compliance program, NMI will identify regulatory requirements, determine compliance levels, identify practices through observation and interviews with key employees, and produce an initial compliance program document.

Development Phase

During the development phase, NMI acts as an expert facilitator and resource for regular, light-weight compliance program development cycles. Each development phase cycle should address the most critical compliance issues in a team environment with input from vital perspectives. The result of each development cycle is an updated compliance program document and an updated compliance gap analysis. The development phase usually takes between 6 and 20 development cycles over 2 to 5 years. Development cycles should take place no less frequently than every 6 months, and no more frequently than every 2 months (excluding cycles triggered by significant external events).

Maintenance Phase

During the maintenance phase, you take over the RAPID compliance program process. Maintenance cycles should occur with the same frequency as development cycles. NMI is available as needed as an expert resource, and to review updated compliance program documents. The maintenance phase continues for the lifetime of the organization.

Audit

NMI provides information technology and information technology compliance audit services. NMI has performed hundreds of audits for customers throughout the U.S.

The NMI Difference
  • Extensive knowledge of all compliance targets
  • Unmatched technical expertise
  • Consistent reporting across all audits (using RSK)
  • Service after the audit (including post-remediation audit report updates)

Information Technology Audit

NMI audits selected information technology resources against control targets you select, and against general preferred practices. Vulnerabilities are identified and rated using RSK, allowing audit and security test results to be directly compared.

Control targets for information technology audits include GLBA, FFIEC, ISO 27001, COBIT, COSO, ITIL, SOX, HIPAA, NERC CIP, and SAR 1200.

GLBA Audits

This service is specific to our financial services customers who are subject to GLBA (NMI can provide similar services for specific control targets in other industries). The GLBA audit considers all aspects of the GLBA 501B (including non-technological customer information storage and handling procedures) in a format consistent with FFIEC guidelines.

Compliance Support

NMI provides direct support to the compliance and audit functions within your organization. This includes decision support, product and service reviews, compliance analysis, and support of the RAPID development and maintenance phases.

The NMI Difference
  • Over 20 years of compliance & audit experience
  • Electronic mail, telephone, and on site support options
  • Support for all control targets
  • Highly available & responsive
  • Staff augmentation for internal audit
  • RAPID compliance process
  • RSK risk measurement

The Martial Art of Information Technology Compliance

NMI founder Andrew T. Robinson combines over 20 years of SGRC expertise and over 10 years of martial arts experience into The Martial Art of Security, Governance, Risk Management, and Compliance (TMA/SGRC). TMA/SGRC provides the most extensive and flexible SGRC curriculum in the industry.

The subset of TMA/SGRC that deals specifically with information technology compliance is The Martial Art of Information Technology Compliance (TMA/ITC). If this section looks similar to the training sections of other pages, your eyes are not deceiving you!

Compliance Awareness & Self-Defense Training

TMA/ITC applies the principles of martial arts training to develop compliance awareness and skills. TMA/ITC can be customized for your organization, including customization for your specific compliance program & other aspects of your SGRC program.

TMA/ITC is supplemented by other discipline-specific courses including:

All courses are taught by NMI Senior Instructors with at least five years of experience with the course material and one or more industry-standard certifications.

The Martial Art of Information Technology Compliance Curriculum

The formal TMA/ITC curriculum consists of the following elements. Each element can be customized for your environment, and elements can be combined and created to meet your specific needs.

Basic Compliance Awareness
  • BCA-174: Compliance Awareness for Users
  • BCA-175: Working with Your Audit & Compliance Team (Employees)
  • BCA-276: Compliance Principles
  • BSA-180: Preparing for Audits & Examinations (Employees)

Compliance Management Skills
  • CMS-277: Audit & Compliance Management Standards and Practices
  • CMS-378: The Compliance Life Cycle
  • CMS-379: Developing an Effective Compliance Program
  • CMS-281: Preparing for Audits & Examinations (Compliance Personnel)
  • CMS-382: Remediation Programs (After the Audit or Examination)
  • SMS-213: Principles of Effective Documentation

Law, Ethics & Investigation
  • LEI-241: Ethical Standards for SGRC Professionals
  • LEI-242: Ethical Scenarios & Role Playing
  • LEI-242: Privacy
  • LEI-344: Laws, Regulations & Standards

SGRC Awareness Quiz

For thousands of years, martial artists have studied animals in order to refine their techniques. Following in this tradition, Andrew T. Robinson has created the SGRC Quiz. Find out which of the five SGRC Animals most typifies your own behavior and attitudes regarding SGRC.

RAPID, RSK, STORM, and TrustPath are trademarks of NMI LLC.