Hicks Engineering :: IT Compliance Consultants
Solutions for IT security compliance.
Managing information security compliance is a complex undertaking for any size organization; for small organizations it can be very hard to coordinate, implement, and monitor. We help small teams assess and manage software security compliance.
When new or existing clients ask for an assessment of your organization's security posture, it quickly becomes clear that every company seems to have a different framework or regulation to audit you against.
These audits and remediation efforts take time to research and implement. We help teams navigate the many hurdles and achieve information security compliance.
Factoring in the cloud can complicate things further, but in many instances it actually lessens the compliance workload due to the shared responsibility model with your cloud service provider. We understand cloud compliance, especially for regulated environments, and can help you achieve your security compliance goals and satisfy your customers' requirements in the process.

Whether you are a start-up that needs to implement a full security compliance program with all supporting documentation, or you simply need a system vulnerability scan and report, feel free to contact us for a compliance review today.
We are located in Massachusetts and work with organizations throughout the USA.


Compliance made easy, so you can focus on the code.
Please see below to view some of the common compliance services we have provided to hundreds of happy clients.

Documentation for Policies and Procedures
Policies and procedures are the lifeblood of your compliance program. We help companies design policies that are practical and easy to implement and follow.

  • Software Development Life Cycle (SDLC)
  • Change Management
  • CAPA
  • Security
  • Business Continuity
  • Disaster Recovery
  • Vendor Management
  • Quality Policy
  • Deviation and Incident Management
  • Auditing
  • Training Management

Penetration Testing / System Vulnerability Scans and Reports
Third-party penetration testing and system vulnerability scans help companies prove to their customers that they take information security compliance seriously. You will find this requirement in many information security audits from your potential and existing customers, and some customers may even ask to perform a scan on your systems before entering into an agreement.
We provide one-time or recurring security scanning services and full reporting for your compliance, or we can work on behalf of your organization to perform a scan on your potential vendors (only with signed consent from the vendor).

The full scan report includes:

  • Introduction
    • Background
    • Objectives
    • Scope
    • Approach
    • Methodology
  • Executive Summary
    • Graph for high level overview
    • Table of the risk level for each finding: High, Medium, Low
  • Findings
    • Detailed summary of each finding
    • CVE Record and/or CVSS Scores for each finding
    • Risk Summary for each finding
    • Recommendations for remediation for each finding
  • Addendum
    • Tools and techniques