Colorado-Based Cybersecurity Company – Managed Business I.T.

Regulatory Compliance

solutions

Are You In Regulatory Compliance - Or In Danger?

There are two key pieces to regulatory compliance: maintaining compliance with the regulations governing your niche, and making a best effort to keep your cybersecurity defenses and policies current. Compliance standards acknowledge that cybersecurity is an ever-changing, ever-evolving world. That's why the standard is adherence to best practices, not a complete absence of breaches.

Beyond government regulations comes compliance with your cybersecurity business insurance policies. Their requirements are typically fairly strict, but they must be followed to keep your coverage in force.

Between government regulations and risking losing your shirt without the coverage of insurance, cybersecurity regulatory compliance is a necessity. Focus on your clients, and leave the compliance issues to us.


Here's how our regulatory compliance services work.

Comprehensive Interview

We start with a comprehensive interview with your leadership, IT, and sales staff as well as reviewing your insurance policies.

Review Infrastructure, Policies and Procedures

Each industry and niche is different and has different regulatory demands. We build our solutions with your needs in mind.

Identify Compliance Vulnerabilities

We identify current compliance vulnerabilities, review them with you, and explain both the implications and a remediation plan.

Prioritized Plan to Establish & Maintain Compliance

We provide prioritized recommendations and next steps to walk you through establishing and maintaining compliance.

Compliance Regulations and Standards: What They Do, and Who They Apply To

NIST: National Institute of Standards and Technology

What It Does: Sets the standard for understanding and managing data, records, and cybersecurity footprint for businesses and organizations.

Who It Applies To: This applies especially to businesses and organizations that work and/or interface with the government, particularly the Department of Defense.

CJIS: Criminal Justice Information Services

What It Does: CJIS is the standard protecting national security information, civil liberties, and other sensitive information. CJIS also prevents unauthorized access to information pertaining to the criminal justice system, like identity history, biographical data, property data, and case/incident histories.

Who It Applies To:
Compliance is mandatory for any entity able to access or use CJI, including law firms; state, county, and municipal court systems; treatment providers (substance and mental health) that work with criminal populations; and law enforcement, including probation and parole programming. Failure to comply can result in revocation of access rights.

HIPAA: Health Insurance Portability and Accountability Act / FERPA: Family Educational Rights and Privacy Act

What It Does: HIPAA covers creating, storing, and transmitting protected Personal Health Information.
FERPA protects the privacy of student education records from kindergarten through graduate school, allowing parents to access their children's records, seek to have records amended, and exercise some control over the disclosure of personally identifiable information from those education records. These two regulations often go hand in hand, for example with immunization records required for school or treatment plans that include both medical and educational components.

Who It Applies To: HIPAA applies to any medical practice, including general practice, specialties, dental/orthodontia, mental health and substance abuse providers, and anyone who works with these practices.
FERPA applies to school districts, early childhood education centers and programs, parents and students, researchers, and education officials. It also applies to ancillary and partner programs with the schools. 

FISMA: Federal Information Security Management Act

What It Does: Protects federal government assets, information, and data against threats.

Who It Applies To: Businesses, organizations, school districts, and governments that access federal information, control federal assets (such as federal grant money), or hold the data needed to execute on those funds or that information.

PCI DSS: Payment Card Industry Data Security Standard

What It Does: This is the standard designed to help organizations that handle credit/debit card information keep it safe and secure. It covers cardholder data protection, access controls, secure network systems, and encrypted data transmission.

Who It Applies To: If your organization accepts credit and debit card payments, you must be compliant with PCI DSS, no matter how small or large the organization. This includes debit, credit, and even repair cards used by your customers.