Compliance doesn't have to be a difficult process. Our experienced, results-driven team can help you navigate the requirements and integrate cybersecurity and regulatory compliance into your organization through expert advisory services, testing, planning and training, as well as ongoing support and monitoring of your programs to maintain continuous regulatory compliance.
Protecting Controlled Unclassified Information
in Non-Federal Systems and Organizations
The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency responsible for publishing guidelines that apply to federal agencies on many topics, including cybersecurity. NIST Special Publication 800-171 defines the security requirements that contractors and subcontractors of federal agencies must meet to protect Controlled Unclassified Information (CUI) stored, processed or transmitted on their own (nonfederal) systems. We can conduct a security assessment of your systems and processes to identify gaps against those requirements and help you implement the required security controls, train your employees and actively monitor your systems to ensure continuous protection of CUI.
Department of Defense Cybersecurity
Maturity Model Certification
The United States Department of Defense (DoD) recently released Version 1.0 of its Cybersecurity Maturity Model Certification (CMMC), the next stage in its effort to enhance the cybersecurity posture of the Defense Industrial Base (DIB) and its suppliers. CMMC builds on the existing DFARS 252.204-7012 requirement to implement NIST SP 800-171, but replaces contractor self-attestation with assessment by an accredited third party. All organizations that provide products or services to the DoD will need to hold the CMMC level specified in a solicitation in order to bid on it. The first solicitations with a required CMMC maturity level are expected to be released as early as June 2020. Our experts will help you understand and implement these new security requirements to keep you competitive and compliant.
Federal Information Security Management Act
The Federal Information Security Management Act (FISMA) is U.S. legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. It applies to all agencies within the U.S. federal government, to contractors and other organizations that operate systems on their behalf, and to state agencies that administer federal programs such as student loans, unemployment insurance, Medicare and Medicaid. Even if you don't sell to government agencies, it is important to understand these requirements, as they often shape expectations in the private commercial sector. Our team can assist you with FISMA compliance and ensure your adherence to its security requirements to give your enterprise a competitive advantage.
PCI-DSS / SAQ
Payment Card Industry - Data Security Standard
and Self Assessment Questionnaire
If you are a merchant of any size, in any industry, and you accept payment cards, you must comply with the Payment Card Industry Data Security Standard (PCI-DSS). We've helped merchants of all shapes and sizes across a myriad of industries, from retail and hospitality to financial services and hospitals, understand and implement the PCI-DSS requirements to secure their payment systems against breaches and protect their reputation. If you are eligible to self-assess and need guidance completing your Self-Assessment Questionnaire (SAQ), or on which SAQ applies to the way you handle cardholder data, our experienced team stands ready to craft a solution for your business.
The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law whose Privacy and Security Rules require covered entities (health care providers such as physicians, dentists and hospitals, as well as health plans and insurers) and their business associates to develop and follow procedures that ensure the confidentiality, integrity and availability of protected health information (PHI) when it is created, received, maintained or transmitted. The Security Rule's safeguards are scalable to your organization's size and complexity, and we have the expertise to help you navigate the requirements and implement a security policy appropriate for your specific environment.
The General Data Protection Regulation (EU) 2016/679 (GDPR) is the regulation governing data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also governs the transfer of personal data outside the EU and EEA, and it applies to organizations outside Europe that offer goods or services to, or monitor the behavior of, individuals in the EU. The GDPR is the cornerstone of EU data privacy law; it aims primarily to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the rules across the EU. We have worked both internationally and with US-based global companies, which has given us a deep understanding of the GDPR requirements and how to help your firm become, and stay, compliant.
California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) is a robust data protection and privacy law designed to protect the personal information of California residents, and it regulates how qualifying businesses anywhere in the world are allowed to handle that personal information. Drafted as a complement to CalOPPA, it is the first law of its kind in the United States, and surely won't be the last. If your for-profit business does business in California and meets any of the three CCPA thresholds (annual revenue, the volume of consumers' personal information it handles, or the share of its revenue derived from selling personal information), you are required to comply with the CCPA. Our experts in California and across the country have the knowledge and experience to help you understand and meet these obligations.
The New York SHIELD Act
Stop Hacks And Improve Electronic Data Security
The New York Stop Hacks and Improve Electronic Data Security Act ("SHIELD Act") amends New York's data breach notification law and adds to the growing list of states enacting data security laws to protect the privacy of their residents. The law requires any employer, individual or organization that collects private information on New York residents, regardless of where it is located, to implement a data security program with reasonable administrative, technical and physical safeguards, such as risk assessments, workforce training, incident response planning and testing, with the required safeguards scaled to the size and complexity of the business. Our experts have a strong understanding of the GDPR and CCPA and are positioned to help you understand and achieve compliance with the newest laws and regulations.
SOC 2 Type 2
System and Organization Controls - Type 2
System and Organization Controls 2, Type 2 (SOC 2 Type 2) is an attestation report defined by the American Institute of Certified Public Accountants (AICPA) that gives your customers assurance that you, as a service provider, securely manage their data and protect the interests and privacy of their clients. Unlike a Type 1 report, which evaluates the design of controls at a single point in time, a Type 2 report evaluates both the design and the operating effectiveness of controls over a review period. SOC 2 defines criteria for managing customer data based on the five Trust Services Criteria: security, availability, processing integrity, confidentiality and privacy. Our seasoned experts will work with you to craft controls tailored to your specific business practices that satisfy the Security criteria, which every SOC 2 report must cover, plus any of the other four criteria relevant to the services you provide.