Fractional CISO

Services » Managed Security » Fractional CISO

Looking for a partner to solve your
cybersecurity and compliance challenges?

Assura’s Virtual ISO™ is the answer.

With Virtual ISO™, you can rest assured your organization will have industry-best protection, backed by our AuditArmor™ guarantee. We’ve got you covered, from security policies, procedures, and planning to risk assessment, third-party vendor oversight, and more. We understand there isn’t a one-size-fits-all solution for every organization, which is why we offer customizable options for this service.

What you get with Virtual ISO™

  • Fractional Chief Information Security Officer (CISO)
  • Security policies, standards, and guidelines
  • Security processes, procedures, and plans
  • Security awareness training
  • Security and compliance assessments
  • Risk assessments
  • Third-party vendor oversight
  • Secure system development
  • Investigate and lead the response to security breaches
  • Recurring compliance activities
  • Audit defense

Customizable plans and features
to fit any organization’s needs.


For organizations with an IT team or service provider that want a partner to handle the Governance, Risk, and Compliance activities of their information security and cybersecurity programs.


  • We map out a fully functional and compliant program, then build it together
  • You’re guided through all program management decisions
  • You decide how your organization will run the business end of cybersecurity
  • All the unsexy work of documentation will be taken care of by your Virtual ISO™ team
  • Your IT experts implement the necessary technical safeguards
  • We work closely with your IT folks to make sure your system is secure
  • Once the program is in place, we continue to keep it maintained and compliant going forward
  • Users are trained in security practices to help defend against attacks
  • We take on cybersecurity planning activities such as system security plans if applicable
  • In the unfortunate event of a cyber incident, we advise on how to handle it


For organizations that do not have dedicated resources for cybersecurity operations or are outsourcing IT operations and need to ensure the environment is protected as contracted.


  • Guardian includes everything offered in Defender
  • Assura becomes your complete cybersecurity and compliance solution
  • We handle compliance, implementation of technological safeguards, and program operations
  • Advanced tools are used to ensure compliance with your policies, enhance security, and monitor your environment for non-compliant system configurations
  • Once your program is in place, we keep it maintained and compliant going forward
  • Includes the Kickstarter plan for our Security Information and Event Management (SIEM)
  • Includes Managed Security and Awareness Training to build the first line of defense
  • We take on Security Incident Plan Development Test and Exercises
  • In the unfortunate event of a cyber incident, we run the incident response for you so that you can get back in operation as quickly as possible

Compare our plans.

Defender Guardian
AuditArmor™ Guarantee X X
Assigned Primary and Backup Information Security Officers X X
Automated Compliance Tracking, Calendar, and Workflows X X
Guidance from a Team of Cybersecurity Experts X X
Prioritized Plan of Action and Milestones X X
Dashboard and Analysis X X
Monthly Reporting X X
Security Reminders and Alerts X X
Customized Cybersecurity Policy and Procedures X X
Risk Assessments X X
Risk Remediation Plans X X
Technical Security Guidance X X
Initial and Annual Security Training for End-Users X X
IT Disaster Recovery Plan Development, Test, and Exercise X X
Security Incident Plan Development, Test, and Exercise X X
Supplier Risk Management and Evaluation X X
Monthly External Vulnerability Scanning (Non-PCI DSS) X
Security Threat Monitoring – Kickstarter Plan X
Monthly Scan of Internal Systems for Vulnerabilities and Missing Security Updates X
Security Technology Engineering Support1 X
Monthly Social Engineering and Security Awareness Campaigns X
Initial and Annual Security Training for IT Personnel and Developers X
Security Training for Executives and Boards X
Reporting to Executive and Boards Security Incident Response Support2 X
Customize Defender now Customize Guardian now

1 Up to 4 hours per quarter. More available at discounted rates.

2 Assura handles all incident coordination through return to normal operations and up to 4 hours of incident response analysis and investigation. Additional response support and investigation hours available at discounted rates.

Compliance and security for any industry.

Guaranteed compliance with the following standards and regulations.










ISO 27001/27002

ISO 31000

IRS 1075


NIST SP 800-53

NIST SP 800-37

NIST SP 800-171




SSAE-18/SOC 2 & SOC for Cybersecurity

State-level data breach reporting and cyber security standards and data protection laws

If you get audited, Assura has you covered. Our AuditArmor™ Guarantee means that we guarantee our work to be compliant with the identified cybersecurity frameworks and regulatory requirements (unless waived by you). We defend our work at no additional cost. Yes, we’re serious. And yes, we’re that confident in the quality of our work. We have you covered from entrance conference to exit conference and will work with your auditor or regulator to defend our work. On the off chance that a change needs to be made to the deliverable, we’ll do that for free. It’s that simple.

How we’ve helped to protect industries like yours.

Protecting a university’s network against both hackers and a student workforce.

A university approached Assura with a unique challenge that most other organizations don’t have. Because they employ students to help run various aspects of the school, they needed a way to ensure these work-study employees didn’t accidentally put the university’s data at risk.

Delivering cybersecurity solutions to 11 Virginia government localities at one time.

The Federal Emergency Management Agency (FEMA) challenged the Commonwealth of Virginia with helping to secure elections and making government localities cyber secure. Assura was approached by nearly a dozen together needing to overcome the same challenge in the same timeframe, yet each with its unique path to reaching success.

ProDefense™ XDR: Quickly securing a global company's all-new virtual data call center.

A U.S. government contractor tapped a global company that specialized in workforce mobilization and staffing to create and staff a call center. Typically, this would not have been a significant challenge. However, this happened at the peak of the COVID-19 global pandemic, which meant the data center needed to be 100% remote while still being 100% compliant with Federal cybersecurity regulations – seemingly incompatible requirements. Assura had the solution.