IT Governance & Leadership

More than just a consultant, our virtual and interim leaders become your strategic partners, helping you lower operation costs while building, managing, protecting and securing your information technology and cybersecurity footing. Ask us about Chief Information Officer, Chief Information Security Officer and Data Protection Officer services.

Learn More

Managed Information Technology

CAG provides managed services tailored to your specific needs, we accomplish your business goals even in the most challenging economic or change environments. We advice the latest technologies & service approaches scaled to your specific requirements and budget.

Learn More

Cybersecurity

Our cybersecurity team begins by developing your customized security programs, plans, risk registers, and policy standards based on your industry’s security frameworks and regulatory environment.

Learn More

Audio / Visual

ColumbiaAVS™ provides the right resources to walk you through equipment selection, delivery, installation and configuration. In addition, ColumbiaAVS™ Managed Services proactively maintains, monitors and manages your technology from our CAG 24/7 operations center, providing safeguards against critical downtime.

Learn More

TSA Security Directive

The TSA Security Directive Pipeline focuses on protecting our critical infrastructure against emerging cyber threats. As an industry leader, it is vital to take proactive steps to fortify your cybersecurity defenses and adhere to the strict guidelines outlined in the directive.

Our dedicated team of cybersecurity professionals is equipped with the knowledge and experience necessary to guide you through the compliance process seamlessly. We specialize in understanding the unique challenges faced by the oil and gas sector, and we have a proven track record of successfully assisting companies like yours.

PCI Compliance

Owners/operators of TSA-designated critical pipeline and natural gas facilities were required to create and submit a Cybersecurity Implementation Plan by October 25, 2022. Your plan should have included in-depth details on how the organization will approach malicious attacks and proactively take action to prevent disruption and degradation to critical infrastructure in the event of a cyber attack. You were also required to develop and maintain an up-to-date cybersecurity incident response plan and cybersecurity assessment program.

Security Directive Pipeline-2021-02C Requirements

 

Create a Cybersecurity Implementation Plan that details an in-depth approach to malicious attacks.

III.A:  Identify critical cyber systems
III.B:  Implement network segmentation policies and controls
III.C:  Implement access control measures to secure and prevent unauthorized access
III.D:  Implement continuous real-time monitoring and detection policies and procedures to prevent, detect, and respond to cyber      threats and anomalies affecting critical cyber systems
III.E:  Apply security patches and updates for operating systems, applications, drivers, and firmware on critical cyber systems consistent with the owner/operator’s risk-based methodology.

Develop a Cybersecurity Incident Response Plan that demonstrates how you will reduce the risk of operational disruption in the event of a cybersecurity incident. This is covered in Section III.F

Create a Cybersecurity Assessment Program and submit an annual plan detailing how you will proactively and regularly assess the effectiveness of cybersecurity measures, as well as identify and resolve vulnerabilities.

Time Has Run Out

The Transportation Security Administration (TSA) has issued a critical Security Directive Pipeline that demands immediate compliance from all oil and gas companies operating in this sector. Failure to meet the deadline could have severe consequences for your business.

  • Create and submit a Cyber Security Implementation Plan with in-depth detail on meeting requirements III.A-III.E
  • Until the TSA approves your plan, apply the requirements in SD 2021-02B.
  • Plans must be updated and submitted annually.
  • The maximum civil penalty for pipelines under the latest TSA guidance is $11,904 per day per violation.

At Columbia Advisory, we understand the urgency and complexity of this directive. Our expertise lies in providing tailored cybersecurity solutions to the oil and gas industry, and we are here to help you navigate this crucial compliance journey.

GLBA Compliance

We offer comprehensive solutions to help your company comply with GLBA requirements. We can install systems that secure email communications, track and secure digital data, and protect from unauthorized access. In addition, our team can assess or audit your current infrastructure and provide detailed reports about possible vulnerabilities. We’ll then provide the solutions needed to bolster your system.

We can also provide routine maintenance services and test your cybersecurity programs as new threats emerge. With this practice, you’ll remain updated with the latest developments and maintain your customer’s confidence.

PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements that must be followed by companies that take credit card information from customers. The process is called PCI Compliance, and it involves certain steps that involve the company’s IT and cybersecurity infrastructure.

Columbia Advisory Group understands all the requirements needed to achieve full PCI compliance. We’ll provide comprehensive IT solutions for your company, handling aspects such as encryption of data, restricting access, updating software, and scanning for vulnerabilities.

NIST 800-171 Compliance

While GLBA and PCI DSS are created for protecting private customers, NIST 800-171 Compliance applies to government transactions. Companies — especially manufacturers in contract with the Department of Defense and similar agencies — are required to protect the confidentiality of controlled unclassified information. This is meant to secure sensitive government information from nefarious entities who might try to access it.

At Columbia Advisory Group, we fully understand the requirements for NIST 800-171 Compliance. We’ll ensure that your company’s cybersecurity structure is up to standards, audit key areas for vulnerabilities, and implement updates or fixes as necessary.

More than Compliance Readiness

Columbia Advisory Group’s managed compliance services will not only take you through the compliance readiness process but also ensures your organizations abides by regulatory requirements, certification bodies in preparation for third-party audits against security standards and cyber-insurance renewals.

  • Delivers exceptional IT Managed Services
  • Over 100 years of combined experience
  • Assessments conducted: 350+
  • Managed services engagements: 100+

Columbia Advisory group delivers unified security & compliance reporting that allows your business to track its readiness against any security or risk-based standard in real time.

Ready to Talk with an Expert?

Learn how we align our exceptional experience as a leading IT Managed Service Provider to bring measurable benefits to your organization

Case Studies

COMPLEX ERP SOLUTION SUPPORTS STUDENT RECRUITMENT AND RETENTION

Columbia Advisory Group Audio/Visual Services Saves Texas A&M University System campuses over $3.2 million during A/V redesign

Implementing Hybrid Learning Systems in a Post-COVID World

Making The Case for Virtual Chief Information Security Officers in Education

The Importance of a Unified Technology Stack for Higher Education Institutions

Enabling IT Transformation for Non-Profit Healthcare Entity

Tarleton State University: Interim CIO Provides Strategic IT Roadmap

Electronic Health Records Implementation for a Non-Profit Skilled Nursing Facility

Embracing the Future: Tarleton State University’s Data-Driven Transformation

Navigating an HVAC Division Carve-Out for a Large Publicly Traded Company

Strategic Operational Cost Reduction in a Top-Tier Global Financial Institution