Organizations face a host of ever-evolving internal and external cybersecurity and information technology (IT) risks and threats that can reduce their ability to meet their objectives.

Information assets and technology investments left ungoverned and unprotected leave organizations vulnerable to compromise, loss of reputation, revenue/value, customers, and intellectual property. Couple these risks with the increasing demands for transparency, accountability and compliance by regulators, government entities, shareholders and others, and you have a perfect storm of risks. Today’s leading organizations proactively address these risks through well-governed and protected cybersecurity and IT management programs to ensure the secure and efficient exchange of sensitive and critical information.

Maximize the confidentiality, integrity, and availability of your information assets and IT investments with help from Baker Tilly’s cybersecurity and IT risk team. We work with organizations to achieve measurable security enhancements and performance improvements, and reduce administrative costs. We will assess your organization’s risks, design controls and implement effective security and IT governance processes, all with the goal of improving technology use.

Cybersecurity and IT Risk services portfolio:


  • SOC for Cybersecurity (cybersecurity attestation including readiness, gap assessment, audit and compliance)
  • Cybersecurity risk assessment
  • Cybersecurity/Privacy compliance readiness (FERPA, GLBA, HIPAA security, NIST, PCI DSS, Privacy Shield)
  • Cybersecurity policy & program development
  • Breach response preparedness and planning
  • HITRUST validation
  • Network vulnerability assessment/penetration testing
  • Social engineering/phishing

IT Governance

  • IT project risk review
  • IT risk & effectiveness assessment
  • Business continuity planning and management (BCP / BCM)
  • Disaster recovery
  • Programs addressing:
    • Model Audit Rule
    • HIPAA security
    • FISMA
    • PCI DSS
    • ISO 27001

IT Process Assurance

  • Outsourced IT audit
  • Co-sourced IT audit
  • IT Sarbanes-Oxley (SOX) readiness and testing
  • Service Organization Control (SOC) reporting
    • SOC 1
    • SOC 2
    • SOC 2 + HITRUST

Our Take

Your people and technology are the avenues attackers can use to access your data. We work with clients to implement pragmatic cybersecurity solutions that reduce attack surface. We consider all aspects of protection – human, technological and data-centric – to enhance your cybersecurity and minimize the impact of a breach.

— Thomas R. Wojcinski