top of page
Blue Background.png

Protect your sensitive data.

Protect your organization.

Bolster your security program by engaging with a partner that is willing to take the time to get to know your organization rather than offering a basic "one size fits all" approach. Our seasoned, certified professionals are highly accomplished at building security programs, assessing compliance, and managing risk - all tailored to your organization's needs.

Security Program Services

 Security Risk Assessments

Security Risk Analysis that meets requirements for HIPAA, HITECH, Meaningful Use, and OCR Audit Protocol. Detailed analysis of physical, administrative, and technical controls presented in a format that is objective, comprehensive, and actionable.

Social Engineering

Test and educate the greatest threat to cybersecurity – the human being. Phishing and vishing campaigns designed to meet specific customer needs; focused surveys to identify causal factors in falling prey to these attacks.

Business Impact Analysis

Identify maximum tolerable downtimes, resource requirements, system dependencies, and data flows through in-depth discovery with Business and IT Owners of each system.  Validate assumptions inherent in Business Continuity, Disaster Recovery, and Backup Plans.  Performed per NIST SP 800-34 and DRII standards.

Penetration Tests

Proper and thorough penetration testing is vital to an organization's security program; Latitude's penetration testing services provide our clients with the detailed insights needed to proactively mitigate vulnerabilities before they can be exploited by malicious attackers.

Tabletop Exercises

Put your incident response capabilities to the test with realistic scenarios tailored to your organization. 

Security Program Assessments

Latitude works with our clients to assess their security programs and identify vulnerabilities.  These assessments are used for Board of Director reviews, Grant programs, and funding justification. Our unique process allows us to identify and prioritize issues clients have and help them resolve in a timely and cost effective manner.

Third Party Risk Management

When onboarding a vendor or third party a thorough assessment of that organization's security posture is a must. Exploitation of third party vulnerabilities is not only common but can be extremely damaging. Latitude's management and performance of third party risk assessments ensure that your organization is protected.

Latitude has extensive experience assessing organization's security program against numerous frameworks and standards such as HITRUST, NIST 800-171, SOC2, ISO27K or CMMC. Regardless of the framework, we can help you create a plan that is tailored to your organization's goals.

Compliance Support
Security Training

Custom training content development and training delivery by consultants with years of industry presentation and college-level curriculum development experience.  Focused training for general staff, executives, and those with elevated privileges. 

Security Program Services
HITRUST Program Mgmt

HITRUST Management Services

CSF Logo.png

CSF Adoption

Ready to adopt HITRUST?  Don't build an airplane as you're flying it, engage experts to help get your program off the ground or align your mature program to the industry standard. 


The first step on the journey to certification is defining the scope boundaries and meaningfully adopting the HITRUST CSF. All too often an organization is given templates and rushed into the assessment phase.  That approach forgoes the most important part of the HITRUST Assurance Program - the aligning of your program to the CSF. 


With experience that comes only after years of building security programs, Latitude is the partner you can trust to build the assessment-ready security program your organization deserves. 


Contractual requirement for certification?  Ready for a Validated Assessment? Want to avoid assessment fatigue?   Getting started can be a challenge...

Having served on the HITRUST Alliance Assessor Council and with experience performing  countless HITRUST assessments - no one is better qualified to be an advocate and advisor to your healthcare organization than our CCSFP-credentialed consultants.  

Our HITRUST Assessment Management service augments your team with experienced assessment staff to guide you through the entire adoption, certification, and maintenance life-cycle.  Don't take your focus off security to coordinate an assessment - let us manage your assessment effort for you.

Corrective Action Plan

Just wrapped up an assessment?  Certified with CAPs?

HITRUST certification is a huge milestone for your program and while it certainly represents a strong foundation, no organization is entirely without risk.  Partner with Latitude to seek expert advice on the creation of Corrective Action Plans (CAPs) and then let us coordinate their completion.  

v Logo.png
Version Refresh

Want to minimize effort with a re-certification effort? Keep your program current by adopting the newest CSF version PRIOR to your assessment.

The last thing Latitude would advise is postponing the adoption until the assessment.  Building a program is more than just adding some more template language to a document before the testing begins.  New and changing requirements demand the careful evaluation of controls and practices; and when needed, remediation.  Don't wait until the last minute - ask us about refreshing your program to address the latest and greatest long before the assessment.



It seems a long journey from ensuring the security and combat readiness of a nuclear weapon system to the protection of healthcare data, but that’s the path that gave rise to Latitude Information Security.  Our foundation is rooted in discipline that enables a strategic weapon system to remain on alert for over 40 continuous years without significant incident. It's the vigilance in adhering to simple but rigid and overlapping security controls – the hallmark of “defense in depth.”  That journey eventually led to our founders first working together as First Responders, directly responsible for the care and well-being of patients.  Merged with extensive civilian experience  and leadership in Information Technology and Security, Latitude brings a vigilance to security programs, a deep knowledge of healthcare, and a passion for protecting both the patient and the organization that is unique.  Put plainly...service is in our DNA.

As prior members of the HITRUST Alliance Assessor Council, and with extensive experience advancing programs and evaluating against NIST, ISO, and other security standards, Latitude’s founders understand the benefit of adopting and adhering to a security framework but also appreciate from first-hand experience the challenges faced by organizations in effectively completing such a complex endeavor amid competing initiatives.  Latitude addresses this challenge by working as a part of our clients’ security and compliance teams, effectively managing security initiatives, advancing risk management tasks, and taking the heavy lifting off our clients’ shoulders.

The Pareto Principle does not apply here; it states that 20% of the workers produce 80% of the results.  At Latitude, 100% of the team produces 100% of the results.  It’s born from our roots in the military and emergency services, where complete commitment to the mission is demanded.  Expect integrity in preparation and excellence in execution.  Expect targeted solutions that are informed by your unique organization and risks.  Expect detailed reports with a clearly defined path to effective risk mitigation.


That’s our Ethos.  And we’re proud of it.  

Mark Ferrari


Mark Ferrari is a graduate of Villanova University and former military officer with over 25 years of healthcare, security, and compliance experience. Mark holds the PMP, CISSP, and HCISPP credentials and served on the HITRUST Assessor Council in 2018-2019.

Keith Kenna


Keith Kenna is a graduate of West Chester University and brings 15 years healthcare, security, and compliance experience.  Keith’s project management experience includes clinical, IT, and information security efforts.  Keith holds the PMP and HCISPP credentials, is an active HITRUST Certified CSF Practitioner, and recently served on the HITRUST Assessor Council (2018-19).



Email & Phone



736 Springdale Drive  

Exton, PA 19431

  • Grey LinkedIn Icon
  • Grey Twitter Icon

Reach out

Thanks for reaching out - we'll be in touch shortly!

bottom of page