Compliance built for high-consequence environments.
Practical governance, risk, and compliance consulting for internationally connected organizations operating across borders, data protection obligations, and emerging cyber-risk expectations.
Discipline and procedural precision.
Meridian Risk Group was founded by a U.S. Air Force Flight Security Controller with experience supporting operations in highly regulated environments where procedural discipline and security standards were essential.
Additional background includes military law enforcement, international operations across the Middle East and Southeast Asia, graduate-level credentials in software engineering and cybersecurity studies, and applied experience in security protocol environments.
Services
Every engagement is scoped individually based on the organization, framework, data exposure, and operational risk profile.
Risk Assessment
Identify, evaluate, and document operational, cybersecurity, and compliance risks with practical remediation priorities.
Gap Analysis
Measure current posture against GDPR, PDP Law, NIST CSF, HIPAA, or ISO 27001 expectations.
Policy Development
Plain-language policies and procedures covering data handling, incident response, access control, and vendor oversight.
Security Awareness
Practical training for staff on data protection, phishing, incident reporting, and compliance responsibilities.
Compliance Roadmap
A prioritized plan for improving compliance maturity within realistic timelines, budgets, and operating constraints.
NIST CSF Assessment
Structured review across Govern, Identify, Protect, Detect, Respond, and Recover functions.
Data Flow Mapping
Document how personal data enters, moves through, and exits the organization.
Vendor Risk Review
Evaluate third-party exposure through questionnaires, documentation review, and risk scoring.
Privacy Notice Review
Review public-facing privacy language against actual data practices and legal expectations.
Risk Register Development
Create a living risk register that supports leadership visibility and ongoing control monitoring.
HIPAA Risk Assessment
Assess safeguards and risk posture for organizations handling protected health information.
Maritime Cybersecurity GRC
Governance and compliance support for maritime operators, logistics firms, and vessel-connected environments.
Standards We Work In
Framework selection depends on jurisdiction, client requirements, industry expectations, and business risk.
EU Data Protection
Applies to organizations handling personal data of EU residents, including businesses outside the EU.
Personal Data Protection Law
Indonesia’s national privacy law and a major concern for local and international operators.
Cybersecurity Framework
A practical framework for organizing cybersecurity governance and risk management.
Information Security Management
International standard for establishing and maintaining an information security management system.
Health Data Safeguards
Relevant for U.S.-connected organizations handling protected health information.
Security & Privacy Controls
A comprehensive control catalog used in federal and high-assurance environments.
Risk & Compliance Insights
Use this section for articles, breach analysis, framework updates, and practical guidance.
What Indonesia’s PDP Law Means for Businesses Handling European Data
Organizations operating in Southeast Asia may face overlapping data protection obligations when serving international clients and guests.
NIST CSF 2.0: The Govern Function and Why It Matters
NIST CSF 2.0 places governance at the center of cybersecurity risk management, not as an afterthought.
Hospitality: Guest Data Is a Compliance Asset and a Liability
Hotels, resorts, and tourism businesses collect sensitive data that often lacks formal governance.
Start with a free assessment call.
Thirty minutes. No obligation. We discuss your current environment, identify major areas of concern, and outline practical next steps.