Compliance
Our team will help you achieve compliance in today's complex and demanding environment in a cost-effective manner, providing you with the tools and processes you need to make informed business decisions.
PCI Compliance
If your company processes, transmits and/or stores credit card information, you must adhere to the Payment Card Industry Data Security Standard (PCI DSS). Our experienced team can help you meet your compliance obligations and achieve your goals in a cost-effective manner.
The PCI Security Standards Council (PCI SSC) is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. PCI security standards are technical and operational requirements set by the PCI Security Standards Council to protect cardholder data. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions. The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council, American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
The PCI DSS sets out baseline security practices for protecting cardholder data against breaches. All organizations, regardless of size, that accept credit or debit cards as a form of payment in person, by phone, or online must be PCI compliant. Organizations that are not compliant are at greater risk of a breach by cyber criminals, may incur fines from the card brands, and may lose the ability to process card payments.
Our services help protect your information systems and document your compliance with the PCI DSS. We will provide you with the following PCI-related documents:
- Policy and Procedures Document
- PCI Risk Analysis Report
- PCI Management Plan
- Evidence of PCI Compliance
- External Network Vulnerability Scan (note that PCI DSS requires quarterly external scans to be performed by a PCI SSC Approved Scanning Vendor)
- Internal Network Vulnerability Scan
- PCI Pre-scan Questionnaire
- External Port Security Worksheet
- Cardholder Data Environment ID Worksheet
- Server Function ID Worksheet
- User Identification Worksheet
- Necessary Functions Worksheet
- Antivirus Capability Identification Worksheet
- PAN Scan Verification Worksheet
- Compensating Controls Worksheet
- PCI Layer 2/3 Diagram
HIPAA Compliance
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes. The Security Rule specifies a series of administrative, physical, and technical safeguards that covered entities must use to assure the confidentiality, integrity, and availability of electronic protected health information (ePHI). Organizations that handle healthcare-related information are required to protect it. The U.S. Department of Health and Human Services (HHS) publishes a Summary of the HIPAA Privacy Rule.
The Privacy and Security Rules apply to covered entities and, since the HITECH Act and the 2013 HIPAA Omnibus Rule, to their business associates: vendors that create, receive, maintain or transmit protected health information on a covered entity's behalf. Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. An entity that is neither a covered entity nor a business associate does not have to comply with the Privacy Rule or the Security Rule. A covered entity is one of the following: a health care provider that transmits health information electronically in connection with a HIPAA standard transaction, a health plan, or a health care clearinghouse.
Most businesses collect and store sensitive information about their employees and customers, such as Social Security numbers, credit card and account information, and medical and other personal data. Many of them have a legal obligation to protect this information. If it gets into the wrong hands, it can lead to fraud and identity theft. That is why any company that collects and stores sensitive information must consider the security implications and risks of running systems that are not well protected.
Our team helps protect your information systems, document your HIPAA compliance, and align your controls with frameworks and standards such as NIST (for example, the NIST Cybersecurity Framework and NIST SP 800-66), ISO/IEC 27001 and the HITRUST CSF. We will provide you with detailed reports and documents on your current HIPAA preparedness and potential vulnerabilities, together with the tools, processes and training that will help you be better protected and prepared for a potential security breach:
- HIPAA Policy and Procedures
- HIPAA Risk Analysis
- HIPAA Risk Profile
- HIPAA Management Plan
- Evidence of HIPAA Policy Compliance
- External Vulnerability Scan Detail Report
- HIPAA Compliance Assessment PowerPoint
- Response Report – HIPAA On-Site Survey
- Drive Encryption Report
- File Scan Report
- User Identification Worksheet
- Computer Identification Worksheet
- Network Share Identification Worksheet
- HIPAA Supporting Worksheets