Compliance & Auditing
Many organizations today understand that information security compliance is important and necessary. But many businesses face the challenge of implementing a cost effective and comprehensive method to become fully compliant and auditable by public and private regulators. We want to help you navigate through the compliance and auditing processes. We have the experience and the business acumen to identify a cost effective solution for your compliance needs. Below are the most common compliance and auditing regulations that we can help you with.
"The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules." (U.S. Department of Health & Human Services)
"The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) called for the establishment of standards and requirements for transmitting certain health information to improve the efficiency and effectiveness of the health care system while protecting patient privacy. The Administrative Simplification Regulations have been developed to implement these statutory provisions." (U.S. Department of Health & Human Services)
"The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education." (US Department of Education)
"The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis." (PCI Security Standards Council)
"The Critical Infrastructure Protection program coordinates all of NERC’s efforts to improve physical and cybersecurity for the bulk power system of North America as it relates to reliability. These efforts include standards development, compliance enforcement, assessments of risk and preparedness, disseminating critical information via alerts to industry, and raising awareness of key issues. NERC Standards CIP-002 through CIP-009 provides a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System." (North American Electric Reliability Corporation)
If you would like to contact us about our compliance and auditing services please click here.
|
