We facilitate audits and develop policies and procedures to ensure full compliance.
We start with a baseline and a pre-assessment to gather information for a gap analysis.
We develop key performance indicators (KPIs) to measure progress and build traction for compliance.
PCI DSS
ISO 27001
HIPAA
- The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. Companies that handle protected health information (PHI) must have physical, network, and process security measures in place and follow them to maintain HIPAA compliance. We have certified ePHI handlers and a comprehensive understanding of the associated workflows.
SSAE 16 SOC I and II Reporting
- SOC 1 Type 1: A design of controls report used for evaluating and reporting on the design of controls put into operation as of a specific point in time.
- SOC 1 Type 2: Includes the design and testing of controls to report on the operational effectiveness of controls over a defined period of time (typically six months).
- SOC 3: A general use report that falls under the SysTrust and WebTrust seal programs, and does not contain a description of the service auditor’s test work and results.
Privacy Compliance
- Our Privacy Management services cover various aspects of privacy, including maturity assessments, cookie consent, data inventory, privacy risk assessment, privacy operations, privacy training, and vendor risk management. With these services, we help clients understand and manage their data privacy risks, ensure compliance with relevant state laws and regulations, and build a strong privacy culture within their organization.
In addition, we offer specialized Privacy Compliance services to help clients comply with specific regulations such as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Our team has extensive experience in advising clients on CCPA/CPRA compliance requirements, conducting privacy impact assessments, and developing CCPA/CPRA-compliant policies and procedures.
How is your business governed? First by policies, then by SOPs with controls; an auditor then checks whether your company actually follows them.
At our firm, we are committed to helping our clients demystify and maintain compliance with applicable regulations.
Contact us today to learn more about how we can help your organization build a robust compliance program.
- Organizational policy
- Acceptable use policy
- Risk management policy
- Vulnerability management policy
- Data protection policy
- Access control policy
- Business continuity policy
- Log aggregation and auditing policy
- Personnel security policy
- Physical security policy
- Secure application development policy
- Change control policy
- E-mail policy
- Incident response policy