Compliance Management

We worry about your compliance
while you focus on growing your business

Being compliant means that you are aware of and have taken the right measures to ensure you comply with relevant regulations based on your industry, location, and more.

Without the right measures in place, hacks and data breaches occur often, resulting in some sort of loss, whether financial or the leak of sensitive information. These losses are not to be taken lightly, as they can have heavy consequences such as loss of trust, bankruptcy, going out of business and more.


Compliance management should be a top priority for all IT executives. Here’s why:


  • Take control. With compliance comes governance, which helps reduce the attack surface by restricting access through the enforcement of compliance. By implementing governance access controls internally, you can determine which employees have access to which company data and what they can do with it, including who they can share it with internally and externally.
  • Reduce and control risk. With governance and compliance, you will reduce risk and ultimately minimize your losses, such as lost sales, legal fees and fines, damage to brand reputation and more.
  • Increase security. By maintaining compliance, you are taking the required security measures to protect you and your clients from a breach.

Most importantly, you benefit from maintaining trust: trust from your customers, partners, and employees. Over time that trust builds your brand and increases sales. No one wants to be the next headline due to a data breach.

With so many compliance rules and regulations, it can be hard to stay on top of them all, especially when you have different systems and applications. By implementing the right security controls, automation, and cloud services, we can cover all angles of compliance without breaking a sweat. Here is a list of the compliance laws and standards that our team works with on a daily basis to help you stay safe and secure.

Privacy Compliance

California Consumer Privacy Act

The California Consumer Privacy Act (CCPA) is a California law that grants California residents a very high level of control over their data, including but not limited to the right to know what personal information is collected about them and whether it is being sold or shared, and the right to deny the sharing or selling of their data. Additionally, it gives them access to their personal information and guarantees equal service and price even if they exercise their privacy rights. This law will take effect in January 2020. Are you ready?

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a regulation in EU law regarding data protection and privacy for EU and EEA individuals. This regulation aims to give individuals more control over their personal data and what is shared. Whether you are located in the EU or just have one subscriber or customer in the EU, your company needs to be compliant or you may face heavy fines or criminal charges. Watch our webinar on GDPR to learn more.

HIPAA

The Health Insurance Portability and Accountability Act provides the ability to transfer and continue health insurance coverage for American workers and their families when they change or lose jobs. It mandates industry-wide standards for handling healthcare information and the processes around it. Lastly, it requires the protection of this health information so that it remains confidential. HIPAA is essentially in place to reduce healthcare fraud, abuse and the leaking of sensitive health information.

PIPEDA

The Personal Information Protection & Electronic Documents Act is a Canadian privacy law that governs how private sector organizations may collect, use, and disclose personal information in the course of commercial activity.

How We Help: Our team of information privacy experts can provide an assessment that covers many layers: we 1) identify what personal data you have and where it resides, 2) assist in governing the use and disposal of data, 3) manage how personal data is used and accessed, 4) determine how we can best protect that data, and 5) establish security controls to prevent vulnerabilities and breaches. To learn more or to request an assessment, click on one of the links below:

Microsoft Cloud Security Assessment | GDPR Discovery Assessment | Shadow IT Assessment

Click here to watch our GDPR Checklist webinar to learn more.

Corporate Compliance

SOX

The Sarbanes-Oxley Act is a US law created to increase transparency in corporate and financial reporting; it is essentially a formal system of checks and balances. It applies to both American and international companies that have registered with the SEC. Any accounting or financial services party should be familiar with SOX, as there are fines and other penalties for not meeting compliance standards.

PCI DSS

The Payment Card Industry Data Security Standard is an information security standard for any organization that handles credit cards. It is a way to detect and prevent fraudulent credit card activity. It is required by law that compliance be validated annually or quarterly. If you are an organization that accepts credit cards, you must maintain compliance.

NIST 800-53 & NIST 800-171

The NIST (National Institute of Standards and Technology) 800 series documents US federal government security policies and procedures. NIST 800-53 documents and recommends security controls for federal information systems and organizations. NIST 800-171 is a document titled “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” and provides cybersecurity requirements for protecting sensitive information. This includes protection across IT networks, email servers, data centers, and VPNs.

How we help: We have the skilled personnel, firewall log scanners and project management expertise to evaluate your overall risk from vulnerabilities related to outside access. Combined with the unique capabilities of the Microsoft cloud, we will carefully evaluate your firewall logs to discover exactly which cloud-based applications are being used. We will then present this information back to you at a high level and propose how we will engage with your users and organization to reduce the use of unsanctioned services and educate users on how to use sanctioned ones.

Finance and Securities Compliance

SOC 2/3

SOC 2 is an auditing process that verifies service providers like us are securely managing your data in a private and confidential manner. It covers a variety of criteria, including MFA, encryption, firewalls, DR, security, access controls, QA, process monitoring, and more.

FINRA

The Financial Industry Regulatory Authority, Inc. is an American private organization that enforces high ethical standards while protecting investors and market integrity. Specifically, FINRA oversees brokerage firms, monitors equities markets, detects potential fraud and keeps investors and brokers informed.

How we help: When you partner with our team, we work together with you to identify issues in your audits and uncover the underlying technical issues. We also provide a more hands-on assessment to resolve these, and we work alongside you as your experienced technology advisor while keeping your overall business goals and objectives in mind.