Security Office Hours

The DeepSeas Security Office Hours service partners DeepSeas Clients with a part time Security Advisor who can address Client’s cybersecurity related questions.

The program provides the Client with an initial assessment and roadmap as well as access to the DeepSeas Advisory App to visualize and assist in their journey of risk mitigation and cyber defense.

The primary objectives of the Security Office Hours program are to:

• Build a Security Roadmap that Client can leverage to mature their program.
• Provide access to a Security Advisor who can provide ongoing guidance and expertise during Office Hours.
• Provide the Client with access to the DeepSeas Advisory App.

The Security Advisor will follow a standard security strategy program playbook that begins with a rapid assessment and the development of a security roadmap. Results from these efforts guide Client stakeholders to align budgets and strategic security initiatives to mature their security program.

The Security Advisory delivery methodology includes the following service elements:

• Onboarding and Assessment
• Documenting a security roadmap
• Regular recurring Office Hours to address Client questions

This program consists of the following phases:

1. Phase 1 – Security Advisor Program Mobilization (Estimated Duration: 3 Weeks)
2. Phase 2 – Conduct Cyber Domain Assessment in DeepSeas Advisory App (Estimated Duration: 3 Weeks)
3. Phase 3 – Ongoing Office Hours (Estimated Duration: Ongoing)

DeepSeas will produce the following deliverables:

1. DEEPSEAS ADVISORY APP ASSESSMENT RESULTS – DeepSeas will provide Client with an assessment report from DeepSeas Advisory App demonstrating control adherence to in-scope frameworks and regulations.
2. DEEPSEAS ADVISORY APP SCAN RESULTS – DeepSeas will provide Client with a copy of the scan results produced out of DeepSeas Advisory App, as applicable.
3. SECURITY ROADMAP – DeepSeas will provide a regularly updated Security Road Map that summarizes program tasks and progress.
4. DEEPSEAS ADVISORY APP POLICIES – DeepSeas will provide Client with PDF versions of policies produced by DeepSeas Advisory App, as requested by the Client.

1. Unless otherwise stated in the scope section of this agreement (i.e., Program Kickoff) or otherwise in writing, all services are to be performed remotely.
2. Client to provide URLs or IPs to DeepSeas for scans.
3. Consulting hours will be utilized at the discretion of DeepSeas for the completion of the Client's reactive requests. Hours may be consumed for activities outside of the scheduled working sessions and will be communicated to Client in advance.
4. Consulting hours are intended to provide flexible support for organizational strategic security efforts from a DeepSeas SME with appropriate experience and credentials on an ongoing basis and do not result in specific deliverables.
5. All unused consulting hours will expire at the end of each contract year and will not rollover onto future contract years.
6. DeepSeas requires a minimum lead time of forty-five (45) days for any project that will utilize consulting hours.

The Client is responsible for the completion of the following tasks, in accordance with agreed-upon timelines established as part of the project plan.

GENERAL RESPONSIBILITIES

1. Client to assign a Single Point of Contact (POC) responsible for Client coordination and logistics.
2. Client is responsible for providing DeepSeas with key stakeholder information such as name and email address to be added to stakeholder register and configured in DeepSeas Advisory App.
3. The Client is responsible for scheduling and coordination of internal Client resources for all project work.
4. The Client is responsible for the approval and implementation of draft documents within the organization.
5. Client to provide necessary access, accurate and up-to-date inventory and asset information, and timely support for the Security Advisor during the assessment, planning, and implementation phases.
6. Client to ensure that all relevant stakeholders are aware of the planned security measures and are trained to use the new security tools and processes.
7. Client to review and approve all deliverables produced by the Security Advisor as part of the Project. This includes providing feedback and revisions in a timely manner to ensure that the Project stays on track and meets the agreed-upon timelines.
8. Client to allocate appropriate resources to support the Project, including personnel, equipment, and other necessary resources. This may involve reassigning staff members to work on the Project or acquiring new resources as needed.
9. Client to provide the Security Advisor with access to all necessary data and information required for the Project. This may involve collecting and analyzing data related to the organization's current cybersecurity posture, infrastructure, and policies.
10. Client to maintain open and effective communication with the Security Advisor throughout the Project. This includes promptly responding to requests for information or feedback and providing regular updates on Project progress.

OFFICE HOURS

1. Client to agree upon a schedule for office hours, status meetings, and governance meetings.
2. The Client is responsible for providing additional agenda topics no later than 48 hours prior to scheduled office hours.

DeepSeas will be responsible for:

1. Scheduling initial kickoff meeting, all onboarding interview sessions, and ongoing office hour sessions
2. Setting up Client in Advisory App and maintaining access through the term of the program
3. Completing onboarding surveys/interviews and providing access to Security Maturity Scorecard