Aperture advises on a complex patchwork of state, federal and transnational laws, policies and industry standards, like the NIST 800-53 security controls, HITRUST Common Security Framework (CSF), the AICPA’s Trust Principles, the Center for Internet Security’s Common Security Controls (CIS CSC) and the Federal Risk and Authorization Management Program (FedRAMP). Counseling may include: review of existing products, services and marketing activities to ensure compliance; review and negotiation of privacy provisions in commercial or corporate transactions; performing privacy impact assessments; consulting with business and dev/ops leaders as a subject matter expert on privacy and data security issues; conducting privacy training and awareness activities; establishing the functions of a privacy office; and developing privacy incident response plans.