Professional Services

The ProServ team initiates two types of engagements:

  • Quickstart – This required service provides new clients with an understanding of the platform’s core functionality. It includes fundamentals training for your platform administrators.
  • Quickpath – This optional consulting service consists of advanced configuration related to specific business processes, such as vendor management, incident management, internal audit/SOX testing, and compliance with security guidelines. These engagements are customized to fit your specific needs and level of desired investment, and provide additional “hands on” transfer of knowledge for your team.

The following timeline illustrates Lockpath’s general deployment process to help new subscribers quickly benefit from their investment in Lockpath.

Professional Services: QuickStart Diagram


Quickstart is the foundation for setting up Lockpath and accelerating your team’s understanding of the platform’s capabilities. Once you have access to Lockpath, the ProServ team will discuss with your designated project team how you plan to use the platform. The objective is to evaluate the maturity level of your compliance program prior to the import of authority docs and “live” data, development of tables and workflows, and creation of reporting/dashboards. The initial deliverable – a result of collaboration with process owners – is a roadmap that outlines the individual tasks to be completed by both the client user team and the Lockpath ProServ team.

Quickstart Implementation Process


1. Scoping

Advanced preparation

  • Introduction
  • Establish agenda
  • Introduce support portal

3. Strategy Development

Series of calls to discuss objective

  • Outline requirements
  • Create roadmap for configuration
  • Identify processes for integration

2. On-Board Training

Variety of training options, starting with:

Foundations (Webinar)

  • Product navigation
  • Terminology basics
  • Application overview

Fundamentals (Classroom)

  • Administrator focus training
  • Hands on with the basics
  • User certification

4. Core Configuration

On-site client visit

  • Finalize strategic use for platform
  • Build foundation for key processes
  • Assist with security setup
  • Create key workflows, tables, and reports
  • Assist with connector integration


After Quickstart and fundamentals training, client teams are equipped to manage their Lockpath platform and develop customized workflows to advance the uses of the individual applications. However, many client organizations are short on head count. As a result, they often turn to the ProServ team to assist in creating the “future state” environment and subsequent configuration of the platform to manage their identified risks. Individual projects – Quickpath consulting engagements – are designed to perform this advanced configuration and training.

Each project scope is designed to meet the specific parameters established by the client team, allowing management to determine the level of investment in line with the deliverables desired.

Audit Management Icon

Internal Audit (SOX Testing)

Effective internal controls provide intelligence into an organization’s process and control framework. As Internal Audit assesses the organization’s risks and identifies controls to mitigate those risks, they can use Lockpath to link the risk and control information, attach supporting documentation, track remediation efforts, and generate dashboards for real time reporting. Additionally, the security infrastructure allows you to create an environment for external parties (e.g., external auditors, regulators) to view your documentation.

Our ProServ team has developed a variety of workflows across the key phases of the audit process:

  • Planning – Issue assessments that leverage a risk-based approach and assist in the development of your annual audit plan.
  • Fieldwork – Create workpapers and attach supporting documentation that identify your controls and support testing/findings.
  • Review – Transition completed work to a manager and/or auditees for review and approval, including review notes and follow up.
  • Remediation – Easily identify gaps and automate the remediation process – tracking, prioritization, and follow up. Automate reminders to notify resources of deadlines. Real-time reporting delivers actionable information to key stakeholders.
  • Reporting – Centrally manage results from risk assessments, control testing, audit findings and unresolved issues. Administrative dashboards track progress against deadlines, and help you manage your control testing lifecycle.

Download the White Paper
Leveraging GRC for PCI DSS Compliance

Compliance and Policy Management Icon


There are a variety of compliance guidelines and frameworks to which organizations are required (or choose) to comply. Without an adequate tool, the tasks can be overwhelming, particularly if you import multiple versions of the rules and associated controls.

Lockpath provides the capability to import various compliance docs, and generate a (1) comparison to determine the controls that satisfy multiple controls, eliminating redundant work; and (2) a gap analysis to determine those requirements that require additional controls and/or supporting documentation.

One example of a compliance framework is ISO 31000, which consists of 3 main components: principles, framework, and process. The principles provide guidance on how to build an effective risk management program; the framework provides the roadmap for designing, implementing, and improving that program; and the process provides a template for the risk management process itself. All of these components have a place, to varying degrees, within a GRC program and platform. The question, then, is where they best fit into the big picture, particularly as it relates to Lockpath.

Download the White Paper
Enabling ISO/IEC 31000 Adoption with the Lockpath Platform

IT Risk Management Icon


Managing vulnerability data is messy. To make matters worse, the larger your organization and the longer it’s been conducting vulnerability scans, the more likely it is that multiple scanners are in use. This often means trying to manually correlate disparate data formats to provide management with a reasonably complete picture. To top it off, each vulnerability scan vendor has its own rating scale for findings, making it more difficult to de-duplicate and correlate findings.

Even if your organization has found a method to manage the chaos, there are other challenges to consider. How well do your vulnerability scan findings map to assets? How easy is it to track remediation activities? Do your findings tie back to security requirements or your controls framework? From an operational perspective, finding and patching identified weaknesses is important. But from a risk management perspective it is also important to understand the relative risk of the findings and how the potential exposure may impact the business.

Lockpath can help aggregate and correlate disparate vulnerability data sets, tying that information to assets, controls and policies. The platform can also reduce the burden of tracking remediation activities, as well as improve overall reporting to suit both the needs of operations and risk management.

Download the White Paper
Building a Better Vulnerability Profile

Vendor Risk Management Icon

Vendor Management

Every company uses outside vendors to support their business practices. Building a strong relationship with your vendors strengthens the organization’s performance in the marketplace. Lockpath’s vendor management app allows you to rate prospective new vendors based on pre-determined criteria, to minimize the risk related to approving new vendors. The result is better quality, reduced costs, and increased customer satisfaction.

The ProServ team has worked with clients across industries to develop automated workflows to:

  • Gather vendor profile information (via questionnaires from vendor contacts)
  • Send assessments during on-boarding
  • Build risk ratings to calculate vendor risk
  • Construct vendor tables that house information (such as shipping times, quality of service) for future monitoring
  • Build dashboards that generate real-time information for management review.

Download the Lifecycle Guide
Third-Party Risk Management

Contact Us