Do you have a documented security policy? Has your staff signed off on appropriate security training? Have you ever heard any of these acronyms mentioned in your business environment: PCI, HIPAA, SOX, ISO, SAS 70, GLBA, 17a-4, Title 21? Averse to risk?
In today's technology landscape it is imperative to meet your industry's compliance standards. In an environment where identities, private information, financial transactions and other sensitive data are stored and exchanged, having an experienced technical partner like True Defense to guide you through the process is paramount.
In many cases there is substantial business risk in non-compliance: regulatory, financial and reputational. Imagine the damage of having to notify your customers or clients of a data breach and their potential exposure to fraud, on top of penalties and fines. In other cases, maintaining a formal certification is a business enabler that helps secure contracts with customers who are looking for a higher level of system integrity and stability.
True Defense can guide you through each of the phases of a successful compliance strategy, including: Systems Audit, Documentation and Policy Making, Technical Design (Encryption, Storage and Network Security), Solution Deployment, Periodic Audit and Maintenance.
While compliance is an ongoing business commitment, a great deal of the initial work is a one-time activity that lends itself to bringing in the compliance specialists from True Defense. Our knowledgeable team will work hand in hand with your various departments and IT staff to deliver a straightforward, cost-sensitive, compliant solution, along with the training, knowledge transfer and ongoing support needed to maintain it.
Please call 888-435-3023 to reach one of our technical business specialists to discuss your potential needs and requirements to build a solid and secure foundation for your business.
Cross Sector Compliance Standards
Credit Card Transactions – Payment Card Industry Data Security Standard (PCI DSS 1.2)
PCI DSS mandates twelve security requirements, several of which relate directly to security monitoring and log management: logging, log analysis, data monitoring and intrusion prevention, which are frequently the most troublesome to implement and maintain.
Financial Audit – Sarbanes-Oxley Act (SOX)
Focuses on internal controls and the integrity of data as it relates to financial reporting. It provides a higher level of integrity for financial audit opinions and the value associated with them.
IT Best Practice Security Frameworks – (ISO 27002, ITIL, COBIT and COSO)
These are organizational security and IT governance frameworks. Adopting them involves a formal risk assessment, and the resulting certifications and attestations are often required to enter into or maintain business relationships for providing goods and services.
Handling of Financial Data – Gramm-Leach-Bliley Act (GLBA)
Requires developing security policies and practices, controlling access, and provisioning proper safeguards to ensure the protection of nonpublic personal information.
Compliance Standards by Business Sector
Medical Records & Health Insurance – Health Insurance Portability and Accountability Act (HIPAA)
Security standards that mandate safeguards for electronic protected health information.
Service Organizations & Processors – Statement on Auditing Standards No. 70 (SAS 70)
Service organizations and service providers must demonstrate that they have adequate controls and safeguards in place when they host or process data belonging to their customers.
Manufacturing and Supply Chain – Quality Management Systems (ISO 9004)
The integrity of a supply chain is inextricably linked to its suppliers' management systems, which must be committed to establishing and maintaining the practices of securing, monitoring and maintaining their environment.
Broker-Dealer Information Storage Regulations – SEC Rule 17a-4
SEC-specific requirements to store brokerage transaction records in a secure environment, unaltered, along with the monitoring and logging needed to demonstrate compliance with the rule.
FDA Drug Electronic Records and Signatures – Title 21 CFR Part 11
"Part 11", as it is commonly called, defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable and equivalent to paper records.