No matter what industry your organization is in, corporate compliance is an essential part of operations.

What is corporate compliance? Simply put, corporate compliance is the process of making sure your company and employees follow the laws, regulations, standards, and ethical practices that apply to your organization.

Effective corporate compliance will cover both internal policies and rules and federal and state laws.  Enforcing compliance in corporate policy will help your company prevent and detect violations of rules. This can save your organization from fines and lawsuits.

Corporate compliance also lays out expectations for employee behavior, helps your staff stay focused on your organization’s broader goals, and helps operations run smoothly. This process should be ongoing. Most organizations establish a corporate compliance program to help govern policies and compliance.

Compliance Services we provide

Risk Assessment –  Finding the problems first so you can put a plan in place to remediate and bring a client up to an acceptable level of risk.  We assess your policies and procedures, build a compliance framework, scan for security vulnerabilities and give you an executive summary with gap analyses, risks and recommendations.

HIPAA –   The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information.

NIST –   NIST guidance provides the recommended security-controls standards for information systems at federal agencies. The government endorses these standards, and companies comply with NIST standards because they encompass security best practices controls across a wide range of industries.

PCI 3.2 – Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that any company that processes, transmits, or stores credit card information, maintains a secure environment.

ISO 27001 – Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.

GLBA – The Gramm-Leach-Bliley Act (GLBA) removed restrictions prevented any one financial institution from operating as any combination of an investment bank, commercial bank, or insurance company. It is also known as the Financial Services Modernization Act of 1999.

FINRA – FINRA regulates trading in equities, corporate bonds, securities futures, and options. All firms dealing in securities that are not regulated by another SRO, such as by the Municipal Securities Rulemaking Board (MSRB), are required to be member firms of the FINRA. As part of its regulatory authority FINRA periodically conducts regulatory exams of its regulated institutions.

SANS 20 – The project was initiated early in 2008 as a response to extreme data losses experienced by organizations in the US defense industrial base and recently.  The publication was initially developed by the SANS Institute and became the SANS 20 Framework.

GDPR – European Union’s General Data Protection Regulation (GDPR)  The GDPR’s main purpose is to protect and provide rights to EU individuals whose data is being captured by organizations.

  • Partner
  • Partner
Computer Repair San Francisco IT Support SF