Independent, Unbiased, Technically-Qualified Security Assessments

Our Information Security & Compliance practice (formerly 403 Labs) is dedicated to assisting our clients with information security consulting, fraud management, risk mitigation and vulnerability detection and prevention. We have the privilege of working with leading payment card, financial, restaurant, hospitality, health care and educational organizations from around the world.

Our team has the extensive knowledge and experience to help you improve your unique security posture, specializing in compliance audits, penetration tests, computer security assessments and computer forensic investigations. We handle anything having to do with security or protecting data, including credit card data (PCI DSS), patient data (HIPAA), bank account numbers (GLBA), service provider reviews (SOC 1/2/3) or intellectual property.

We hold several certifications within the information security industry, including:

  • Approved Scanning Vendor (ASV)
  • Qualified Security Assessor (QSA)
  • Payment Application Qualified Security Assessor (PA-QSA)
  • Qualified Security Assessor for Point-to-Point Encryption (QSA (P2PE))
  • Payment Application Qualified Security Assessor for Point-to-Point Encryption (PA-QSA (P2PE))
  • PCI Forensic Investigator (PFI)

We take time to learn your business

We take time to learn your business so we can better advise you, because we know that, at the end of the day, you have a business to run.

We are a state-of-the-art company

We employ state-of-the-art facilities, equipment and techniques to perform thorough security tests. Simply doing “enough to get by” is not an option.

We are continually innovating

We are continually innovating, being first-to-market with new tools, better ideas and superior technology supported by patents.

We're active in the community

We’re active in the information security community, presenting seminars, writing articles, conducting webinars and sharing our knowledge.

Information Security Services

IT Audits

We review and benchmark multiple areas of your organization to identify operational practices and systems configurations that represent risk to your sensitive information.

Penetration Testing

Understand the mind of a hacker to better protect your network and applications. By emulating a real-world attacker, we demonstrate where holes exist and procedures fail, how much access an attacker could gain and how to properly secure your systems.

Vulnerability Scanning

Get up-to-date information about which security vulnerabilities impact your systems. Regular vulnerability scanning is a critical component of all successful information security programs and is a required component for all merchants accepting credit card payments. These scans also help to proactively find changes or weaknesses in your ever-changing network environment.

Forensics

Whether it is investigating a breach of credit card numbers or recovering sensitive data, we have the experience and ability to dissect even the most complicated forensic cases and bring them to a close.

Code Reviews

Our consultants have extensive experience in software development, security audits and penetration testing for web and desktop applications. We conduct detailed code reviews to provide you with clear, concise and meaningful recommendations for proactive application security.

Risk Assessments

Employing a risk management program will focus your limited resources where they can provide the greatest level of risk reduction.  Our risk assessments combine reviews of documentation and system details with personnel interviews to identify relevant threats and vulnerabilities within your organization.

We Make Compliance as Painless as Possible.

Achieving compliance with industry standards doesn’t have to be as difficult as it seems. Regardless of the standard, Sikich guides you through compliance validation processes quickly and smoothly to help get your organization in compliance and back to your core competency—running your business.

Our validation process is easy, and scalable for any size environment.  If you need to comply with multiple industry requirements, you can leverage our experience and efficiencies by combining your requirements into a single assessment.

If you’ve never undergone a compliance assessment before, we can help you prepare for your first one. If you’re a veteran to your industry requirements, you’ll benefit from our unique approach. Compliance isn’t a once-a-year process; we’re your partner and here for you when you need us.

Organizations that store, process or transmit payment card data, such as merchants and service providers, need to comply with the Payment Card Industry Data Security Standard (PCI DSS) to protect cardholder data (CHD).
Payment application vendors and service providers can take advantage of the PCI point-to-point encryption (P2PE) framework to develop solutions that reduce merchant handling of payment card data.
Payment application vendors need to validate against the requirements of the PCI Payment Application Data Security Standard (PA-DSS), which supports merchant compliance with the PCI DSS.
Financial institutions are required by law to comply with the Gramm-Leach-Bliley Act (GLBA) and maintain proper security controls to protect consumer financial privacy.
Health care institutions are required by law to protect the privacy of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA).
Outsourced service providers that touch another organization’s data undergo a Statement on Standards for Attestation Engagements No. 16 (SSAE 16) to demonstrate how client data is safeguarded.

Meet Our Information Security & Compliance Partner

D.J. Vogel
D.J. VogelPartner, Security & Compliance

D.J. leads the firm’s security and compliance division. He was the principal founder of 403 Labs in 2005, a world renowned information security consultancy, which he merged with Sikich in 2014. D.J. has extensive experience in information security, vulnerability management, Internet architecture, networking and software design and manages security assessments, forensic examinations and penetration tests. He is a regular speaker at national conferences and conducts training sessions for corporations and compliance organizations. D.J. works closely with the regulatory agencies and card associations to help define and strengthen industry security standards, including the Payment Card Industry Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS) and forensic procedures.