DeepSeas Advisory App

The DeepSeas Advisory App allows Clients to visualize their current security posture as well as assist in their journey of risk mitigation and cyber defense.

This product is designed to upgrade an existing Client’s Security Advisory hours or legacy Strategy and Governance existing service. Upon renewal, enrollment into one of DeepSeas Security Advisory programs includes this service element and should not be added separately.

The primary objectives of the Advisory App add-on are to provide the Client with access to the DeepSeas Advisory App after running initial assessments about the Client’s security posture.

The Security Advisor will follow a standard security strategy program playbook that begins with a rapid onboarding assessment. Results from these efforts guide Client stakeholders to align budgets and strategic security initiatives to mature their security program.

The Security Advisory delivery methodology includes the following service elements:

• Platform Setup, Configuration, and Client Training
• Conduct Initial and Domain Assessment(s)

This program consists of the following phases:

• Phase 1 – Platform Setup and Configuration (Estimated Duration: One to Two (1-2) Weeks)
• Phase 2 – Conduct Assessment(s) in DeepSeas Advisory App (Estimated Duration: Three to Four (3-4) Weeks)

DeepSeas will produce the following deliverables:

1. DEEPSEAS ADVISORY APP SCAN RESULTS – DeepSeas will provide Client with a copy of the scan results produced out of DeepSeas Advisory App.
2. DEEPSEAS ADVISORY APP ASSESSMENT RESULTS – DeepSeas will provide Client with an assessment report from DeepSeas Advisory App demonstrating control adherence to in-scope frameworks and regulations.

1. Unless otherwise stated in the scope section of this agreement or otherwise in writing, all services are to be performed remotely.
2. Client to provide URLs or IPs to DeepSeas for scans.

The Client is responsible for the completion of the following tasks, in accordance with agreed-upon timelines established as part of the project plan.

GENERAL RESPONSIBILITIES

1. Client to assign a Single Point of Contact (POC) responsible for Client coordination and logistics.
2. Client is responsible for providing DeepSeas with key stakeholder information such as name and email address to be added to stakeholder register and configured in DeepSeas Advisory App.
3. The Client is responsible for scheduling and coordination of internal Client resources for all project work.
4. The Client is responsible for the approval and implementation of draft documents within the organization.
5. Client to provide necessary access, accurate and up-to-date inventory and asset information, and timely support for the Security Advisor during the assessment, planning, and implementation phases.
6. Client to ensure that all relevant stakeholders are aware of the planned security measures and are trained to use the new security tools and processes.
7. Client to review and approve all deliverables produced by the Security Advisor as part of the Project. This includes providing feedback and revisions in a timely manner to ensure that the Project stays on track and meets the agreed-upon timelines.
8. Client to allocate appropriate resources to support the Project, including personnel, equipment, and other necessary resources. This may involve reassigning staff members to work on the Project or acquiring new resources as needed.
9. Client to provide the Security Advisor with access to all necessary data and information required for the Project. This may involve collecting and analyzing data related to the organization's current cybersecurity posture, infrastructure, and policies.
10. Client to maintain open and effective communication with the Security Advisor throughout the Project. This includes promptly responding to requests for information or feedback and providing regular updates on Project progress.

DeepSeas will be responsible for:

1. Scheduling initial kickoff meeting, all onboarding interview sessions, working sessions and status calls, as applicable.
2. Setting up Client in Advisory App and maintaining access to platform through the term of the program
3. Completing onboarding surveys/interviews and providing access to Virtual Security Maturity Scorecard