IT Risk Assurance & Advisory

Every business faces a variety of challenges, including rapidly changing technology, cybersecurity threats, and regulations. DGC provides a wide range of IT audit, compliance, and cyber & information security services, including SOC 2 examinations, that can help identify, evaluate, measure, and manage compliance and cybersecurity risks. Our professionals have the training and experience to identify areas of exposure and recommend size-appropriate, cost-conscious corrective actions. DGC’s team will develop a tailored plan to safeguard your organization.

System and Organization Control (SOC) Services

Organizations today are faced with a challenging landscape, both from a cybersecurity, and a regulatory perspective. Your customers want to ensure their data is protected when they are using the services you offer. The AICPA SOC 1 (formerly SAS 70) and 2 Reports and SOC for Cybersecurity Report are three of the ways you can demonstrate your commitment to best practices to your prospects and customers SOC 2s have become the de facto solution to addressing the cybersecurity due diligence concerns your customers have when working with service organizations. DGC’s IT Risk team has the expertise to help you achieve your goal of obtaining a SOC report.

SOC Audit Services

Advisory Services

Technology has become a core component of how companies do business, unlocking efficiencies that reduce cost and increase productivity. With these advancements have come significant threats from hackers and other malicious actors and a string of high-profile data breaches and compromises. In addition to this incredible challenge, many regulations are now in place at the international, national, and state levels, which govern data and information security. Navigating this landscape while running your business and maintaining your systems can be overwhelming. The cybersecurity professionals at DGC can help you manage these often competing demands by assessing the state of your cybersecurity, your compliance with regulations, and helping you achieve your objectives.


Download a PDF of Our
Information Security Roadmap Assessment







Policy & Training

  • Information Security Policy Development
  • Information Security Awareness Training


  • Business Continuity
  • Disaster Recovery
  • Incident Response Program
  • Regulatory Compliance Advisory
  • Assist with Third-Party Vendor Assessment
  • Data Classification
  • User Lifecycle Management
  • Fractional CISO

Working With IT Departments

Even the most proactive information technology departments may have vulnerabilities or areas where security can be improved. DGC’s professionals are trusted by clients, work with sensitive data, and understand the importance of having internal controls tailored to your organization. We take the time to ask the critical questions and understand your business.

Have you identified all types of sensitive data in your organization and where it’s stored? Have you assessed your network for technical vulnerabilities? Do you have a well-defined plan of action in the event of a breach? Are you in compliance with all federal and state regulations?


We will review your policies, interview key members of your team, perform technical assessments, and deliver recommendations. These are just the first steps a business needs to take in order to properly protect itself. By partnering with DGC’s Cyber and Information Security team, you can implement a secure framework, allowing you to operate your business with confidence.

It’s your organization’s responsibility to uphold the three tenets of information security:

  • Confidentiality – Data is kept private
  • Integrity – Data can be trusted
  • ​Availability – Data can be accessed when needed

Defense & Aerospace

If you are doing business with the Department of Defense, it is likely you are subject to a series of cybersecurity requirements through either Federal Acquisition Regulation (FAR) 52.204-21 or Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012.

FAR mandates 15 cybersecurity requirements that defense contractors must have in place to meet the terms of their contract. DFARS goes much further than its FAR counterpart. There are 110 requirements with an incident response capability, and the clause is triggered when the contractor collects, develops, receives, transmits, uses, or stores Covered Defense Information (CDI) in performance of a contract, either as a prime or subcontractor. There are steep consequences for non-compliance, including prosecution under the False Claims Act.

At DGC we have deep expertise assisting companies in the Defense Industrial Base achieve compliance with FAR and DFARS cybersecurity requirements and can help your organization meet its obligations.

DGC is Cleared C3PAO for Defense Contractor
CMMC Assessments


Our services include:

  • Cybersecurity Maturity Model Certification (CMMC) readiness
  • FAR 52.204-21 compliance consulting
  • DFARS 252.204-7012 compliance consulting
  • System Security Plan (SSP) development
  • Plan of Action & Milestones (POAM) development
  • Cyber incident reporting program development and testing
  • Policy and procedure development
  • Vulnerability assessments to meet NIST SP 800-171 requirement 3.11.2
  • Control assessments to meet NIST SP 800-171 requirement 3.12.1
  • ITAR cybersecurity readiness
  • DoD DCMA DIBCAC audit defense
  • Basic self-assessment for SPRS to comply with DFARS 252.204-7019 and 252.204-7020


Major Updates to the Cybersecurity Maturity Model Certification: What you Need to Know
Major Updates to the Cybersecurity Maturity Model Certification: What you Need to Know 12/21/2021

Scott Goodwin's article is featured on Tripwire's blog. The steps initially taken by the DoD to enhance supply chain security would end up having significant implications for nearly all organizations that do work with the DoD. Read more

Spotlight on ISO 27001
Spotlight on ISO 27001 11/16/2021

ISO 27001 is a leading, widely recognized international standard and certification regime focused on how to manage information security. Read more

DGC’s IT Risk Team Discovers Previously Unknown Vulnerability in Autodesk Software During Penetration Testing for Client
DGC’s IT Risk Team Discovers Previously Unknown Vulnerability in Autodesk Software During Penetration Testing for Client 08/11/2021

The vulnerability exists in a software component common to most Autodesk products and impacts nearly all organizations using licensed Autodesk software in any capacity. Read more

How Your Organization Can Avoid Denial of Cyber Insurance Coverage
How Your Organization Can Avoid Denial of Cyber Insurance Coverage 07/16/2021

In addition to experiencing an increased number of cyber hacks, companies are getting denied when trying to renew their cyber insurance coverage. Read more