Success Stories

Enabling a major CRO to turn FISMA compliant

Etash Global assists a major clinical research organization (CRO) to become compliant with FISMA. Understandably, likewise with all other clients, this CRO client had no prior experience with federal compliance reporting or compliance assessment.

The challenges that we have encountered with this client are,

  • They had no compliance culture, which demanded for groud-up support on all aspects of FISMA compliance
  • Gross mismatch between the old security policies and the current FISMA framework
  • Gas and deficiencies in the client's internal controls
  • Utter lack of technical understanding of critical compliance tools and solutions
  • Lack of project management plan that is scalable and accurate


Overall, the CRO client required a trusted FISMA compliance provider with tool sets for monitoring the entire FISMA process. Etash Global has met every requirement of the CRO client with proven expertise and commitment to timelines.

Etash Global offered the needful solutions, by which the CRO client turned FISMA compliant. Our end-to-end information security solutions helped the client to achieve regulatory compliance. This collaborate and coordinated effort with the client's internal teams helped us to,

  • Define totally each project’s scope and ensure quality client participation
  • Identify all control gaps and recommendations for remediation
  • Set up demo web sessions with software vendors for critical security tools
  • Review completely all CRO's documentation and began authoring new policies and procedures
  • Establish contact and working relationships with all vendors like cloud service providers and the managed security services providers


Etash Global could finally address the challenges faced by the CRO client by,

  • Implementing the compliance framework
  • Developing the required information security policies and procedures
  • Remediating of all in-scope required controls.


Etash Global's Security Assessment Report (SAR) and System Security Plan (SSP) as prepared for the CRO client helped to showcase compliance to the Department of Health and Human Services (HHS) – National Institutes of Health (NIS) division.

Etash Global generated phenomenal value for the client. For the first time, information security was taken seriously, and awareness was created of tools and resources for protecting organizational assets. By implementing a reliable and mature compliance framework, all personnel across the client's organization knew the importance of their roles and responsibilities.

Most important of all, our support on achieving FISMA compliance imparted an ability to the client to successfully obtain additional federal and private sector contracts with FISMA compliance.

Contact Us

Ready to get started?

Back to Top