Overview

NCG consultants work to build strong client relationships; working with our clients to accomplish some of their most important challenges. We strive to understand each individual client’s goals, the specifics of their market, and how their organization is structured. By tailoring our efforts to what each client needs, we have been successful in delivering value.

NCG’s past performance has ranged from some of the US’s largest firms to regionally focused organizations. We have supported some of the nation’s largest banks, as well as regional hospital groups through a range of activities from cybersecurity to acquisition support. Following are some examples of how NCG has worked with clients from a range of critical infrastructure industries and the public sector.

Greater Boston Area to Regional Risk Assessments

Under a grant from the Department of Homeland Security, NCG developed a NIST-based framework and conducted cybersecurity risk assessments for government services across the Boston region (Massachusetts, New Hampshire, and Rhode Island). These assessments outlined current threats and vulnerabilities, as well as provided insight into resiliency capabilities locally and in conjunction with federal resources. NCG worked with stakeholders across the region to develop remediation roadmaps and establish a Cybersecurity Working Group to coordinate ongoing efforts and collaboration.

Checkout another example of our Risk Assessment efforts

Sustainable Security Program

In light of rapid expansion of both retail and distribution channels, Stonewall Kitchen turned to NCG to establish a sustainable security program to meet current needs and have the ability to scale for future growth. NCG helped Stonewall Kitchen develop internal capabilities and relationships with key vendors designed to scale with the organization as it grows from a regional to an international operation. NCG provided a process to evaluate and select technological tools, implement and manage security training, and institute more robust processes and procedures.

Business Continuity

TD Bank looked to NCG to guide the development of a Business Continuity Program. This Program allows operations, from the teller line to back-end processing, to continue in the event connectivity or system availability is lost. NCG designed and architected the procedural and technical elements of a continuity program that would ensure customers could get their deposits in the event of a disruption.

Map of Critical Business Processes

Beyond the recovery of computer systems and access to data, Volk wanted a detailed plan that provided for the complete resumption of critical business processes across the organization.

Read more about this BCP effort

Disaster Recovery Programs

TD Banknorth engaged NCG to develop a Disaster Recovery (DR) currency and testing program for its Branch Network automation program, which was comprised of multiple systems utilizing different infrastructures and networks. NCG developed a current baseline of functionality, service level agreements, and a transition threshold process to support transition to DR operations. NCG managed efforts between various business lines and vendors to develop DR exercises and evaluation criteria to conduct annual drills and tests.

Risk Assessment to Compliance Based Risk Assessments

NCG works with MaineHealth and its member groups to maintain a robust security posture while ensuring compliance with CMS Meaningful Use requirements. NCG has supported MaineHealth and its member groups with third-party assessments as well as technical consulting to develop local and enterprise-level programs in addition to implementing practices to protect patient health information across a diverse, heterogeneous operating environment.

Contract Management to Vendor and Third Party Security Controls

NCG has worked with TD Bank to create enterprise Master Service Agreements and SOWs to meet the latest OCC/FDIC guidelines for supplier privacy, confidentiality, audit rights, security controls, and other essential terms and conditions for key third-party suppliers. With the targeting of financial institutions and their vendors, NCG helped TD establish frameworks to manage security and performance in day-to-day operations as well as for strategic growth.

Pentesting & NIST Based Methodology to PenTesting and Social Engineering Testing

NCG helped Cianbro evaluate the effectiveness of their perimeter defense and monitoring systems using a combined pentest Execution Standard (PTES) and NIST-based methodology. NCG developed a comprehensive report of findings and recommendations describing evidence of compromise and attack vectors to provide Cianbro with information to take remediation action as needed.

Vulnerability Testing to Vulnerability Scanning

NCG provided the City of Portland, Maine, with a comprehensive vulnerability assessment of its current technology infrastructure and capabilities. The assessment included a roadmap to address technical and procedural opportunities based on priorities specific to a city government. NCG provided security and engineering consultation to help with defining and architecting solutions that were comprised of near-term, as well as longer-term, initiatives. NCG worked with stakeholders to evaluate options and incorporate security into the capital planning process.

Growing Operations

During acquisitions and divestitures, unique security challenges arose between the buyer and seller, their third parties, as well as vendors and contractors. The integration process involved data conversions and platform migrations that depended on data for development and testing. NCG has worked with TD Bank through nine acquisitions/divestitures, ensuring the secure and effective management of data between various parities while ensuring the ability for required efforts to execute properly.

Acquisition Support

TD Banknorth needed control and management of the various technology components of an acquisition. They also needed technical leadership to help bridge technology related activities with their various business lines.

Read more about this Acquisition effort

Ensuring Performance

The State of Maine’s Department of Professional and Financial Regulations needed an Independent Verification and Validation (IV&V) of their Agency License Management System (ALMS). ALMS is used to manage the application, fulfillment, and tracking of licenses and permits. Drivers behind the IV&V need ensured proper project level risk management and scalability in the future.

Read more about this IV&V effort

Revenue Improvements

Franklin Community Health Network includes Franklin Memorial Hospital as well as Franklin Community Physicians. Both entities provide services that are billed through a central business office (CBO) although each entity has dedicated software and billing teams. The past years had seen significant management turnover within the CBO with corresponding alternate department structures attempted.

Read more about this Revenue Improvements effort

System Improvements

The State of Maine’s Office of MaineCare Services (OMS) Claims Management System (MECMS) was plagued by numerous issues. MECMS issues impacted OMS operations as well as significantly impacting the State’s general health care system and program Members.

Read more about this System Improvement effort

Healthcare Management

At Cayuga Medical Center, patient access and registration had been a growing area of concern. With Denials in billing on the rise, Cayuga decided to implement and evaluate changes in their registration department.

Read more about this Healthcare Management effort

Technology to Further Business

TD Banknorth had struggled to implement a branch automation system that would help streamline their ability to service customers and help increase product sales. The impetus for this project began in the early 1990’s going through a number of false starts, vendor changes, and management changes.

Read more about this Branch Automation effort

Manage Knowledge

TD Banknorth utilizes a large pool of staff augmentation contractors as part of its internal technology group, but had no process in place for knowledge capture or management. As contractors rolled off projects or left for other engagements all their experience and knowledge left with them.

Read more about this Knowledge Management effort
Back to Top