A few compliance and security factors to consider in your environment:
- Do you know your scope?
- Do you know your data within that scope?
- Is compliance your baseline or objective?
- Do you understand the compliance requirements?
- Have you mapped to external requirements?
- Are you following audit best practices?
- Do you have the right security partner?
- Do you know your adversaries?
- Do you have the visibility you need?
- Is your Operations appropriately configured and staffed?
- Have you built a culture of security across your business?
- Have you combined people + processes + technology?
- Do you have appropriate measures in place?
- Do you have trusted partners?
The guys at Armor are solid, btw. Enjoyed meeting them a few times in 2018 at their CTF events. And very recently at the Dallas Cyber Security conference.