Compliance Consulting Services
Which laws, regulations, and industry standards does your organization need to comply with? Organizations in the same industry that handle the same type of sensitive information, regardless of size, generally must meet the same requirements.
We can help perform a Compliance Gap Assessment against the relevant standard or regulation, including but not limited to the following:
- NIST Cybersecurity Framework (Framework)
- NIST SP 800-53 (Federal Security and Privacy Controls)
- NIST SP 800-171 (Protection of Controlled Unclassified Information)
- ISO/IEC 27001 / ISO/IEC 27002 (International Standards)
- United States State Data Privacy Laws (State Laws)
- United States State Security Breach Notification Laws (State Laws)
- HIPAA (Federal Law)
- PCI DSS (Industry Standard)
- GLBA (Federal Law)
- FINRA Rules (Self-Regulatory Organization Rules)
- SOX, the Sarbanes-Oxley Act (Federal Law)
- 23 NYCRR 500 (New York State Regulation)
- FTC Regulations, including the Safeguards Rule (Federal Regulations)
- FFIEC Guidance (Regulatory Body)
- FERPA (Federal Law)
- EU GDPR (Regulation)
- Children's Online Privacy Protection Act, COPPA (Federal Law)
- and more.
DISCLAIMER: this service is a good second step after an initial Basic Security Assessment. We can support your organization's compliance efforts, but the level of compliance your organization reaches depends largely on the commitment and resources allocated to that goal. It is critical to understand that being compliant does not make your organization secure, and being secure does not make your organization compliant: a gap assessment measures your controls against a written requirement, not against an attacker. Implementing a formal Information Security Program based on an industry standard framework such as the NIST Cybersecurity Framework or ISO/IEC 27001 would be the next step.
Please let us know how we can help, and take advantage of our FREE initial 30-minute consultation. Contact us to get started.