Compliance Function Assessment
One of the principal challenges for organizations in heavily regulated industries is determining which regulations apply, given the scope and complexity of the organization's business activities. The organization's "Compliance Function" should help in this regard by implementing a compliance risk management program that satisfies regulatory requirements and minimizes compliance risk exposure.
ISECI's "Compliance Function Assessment" is designed to evaluate your organization's compliance posture against the applicable information security compliance requirements in every country where your organization operates. The outcome of the assessment is a set of actionable steps your organization can take to remediate non-performing compliance controls.
FERPA
The Family Educational Rights and Privacy Act (FERPA) of 1974 is a United States federal law that safeguards the privacy of students' education records. Compliance with FERPA is mandatory for all agencies and institutions that receive funds under any program of the U.S. Department of Education, including elementary schools, middle schools, high schools, colleges and universities. The law addresses the responsibilities of educational agencies and institutions concerning student information. FERPA prohibits the disclosure of personally identifiable information (PII) from students' education records without consent, except under the specific exceptions the law defines. Failure to adhere to the provisions of FERPA may cost the educational institution its eligibility for federal funding.
At ISECI, our dedicated security experts can help your institution maintain a FERPA-compliant information security program. We understand FERPA's requirements and the controls that must be implemented to meet them. We offer a range of FERPA compliance services, including help preparing the required annual notification of rights to students and parents, designing a written-consent process for disclosures, FERPA training for staff, FERPA security risk assessments, and reviews of the compliance of third parties that receive student data.
FIPA
The Florida Information Protection Act (FIPA) is a state law that regulates the acquisition, maintenance, storage and use of Personally Identifiable Information (PII). The law also requires organizations to notify affected individuals, and in some cases the state, following a security breach. Noncompliance with FIPA provisions may result in steep penalties. FIPA applies to both private businesses and government institutions that acquire, maintain, store or use the PII of individuals in Florida, as well as businesses based outside Florida that hold PII about Florida residents. Both categories of organizations are "covered entities" under the law and must comply with FIPA requirements.
ISECI experts determine whether your company acquires, maintains, stores, or uses PII, and assess the risks to this sensitive information.
Our assessment includes a review of your business relationships with third-party agents that may handle customer records containing PII on your behalf. Our FIPA compliance services include security risk assessments as well as the development of the policies and procedures needed to achieve FIPA compliance.
Gramm-Leach-Bliley Act (GLBA)
The Gramm-Leach-Bliley Act (GLBA), also called the Financial Services Modernization Act of 1999, is a law that protects consumer financial privacy. GLBA requires companies acting as financial institutions, such as banks and financial planners, to safeguard consumers' sensitive information (names, addresses, credit histories, and so on). As part of GLBA compliance, organizations acting as financial institutions must inform their customers about the organization's information-sharing practices and tell consumers of their right to opt out of having their data shared with nonaffiliated third parties. GLBA compliance mitigates the risk of penalties or reputational damage that may arise from the unauthorized use, disclosure, or loss of consumers' nonpublic personal information.
ISECI helps organizations achieve GLBA and FFIEC compliance as part of their overall efforts to safeguard customer data. We leverage our expertise in security and financial services, and our in-depth working knowledge of GLBA and FFIEC requirements, to help organizations develop their information security and compliance programs. Our approach is comprehensive and efficient: it includes regular information security assessments and guidance on how your organization can achieve GLBA compliance quickly and cost-effectively.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) is legislation designed to reduce healthcare administration costs, help people keep their health insurance, and establish industry-wide standards to protect the confidentiality of patients' sensitive medical data.
Organizations that handle protected health information (PHI) must provide adequate security measures for their infrastructure, networks and processes, and maintain compliance at all times with all the applicable requirements of the Act. HIPAA regulations apply to covered entities (CEs), namely health plans, healthcare clearinghouses, and healthcare providers that conduct certain transactions electronically, and to business associates (BAs), the organizations that handle PHI on a covered entity's behalf.
At ISECI, we provide best-in-class HIPAA consulting and implementation support leading to the successful implementation of your HIPAA-compliant program. In addition, our experts conduct HIPAA vulnerability risk assessments, including a review of the information security policies, processes and procedures the organization has adopted as part of its HIPAA compliance program.
PCI DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a set of information security standards for all businesses that handle credit, debit, and prepaid card transactions. The standard is mandated by the card brands and administered by the PCI Security Standards Council (PCI SSC), a body founded jointly by the five major card brands: American Express, Visa, Discover, MasterCard, and JCB. PCI DSS was designed to protect cardholder data and reduce card fraud. Compliance is validated every year, either by an external Qualified Security Assessor (QSA) for merchants that handle large transaction volumes, or through a Self-Assessment Questionnaire (SAQ) for merchants that handle lower transaction volumes.
ISECI can help your company through the PCI DSS compliance process. We have the tools to assess your security level, secure your systems and network infrastructure against malicious attacks, safeguard customers' card data, and prevent card fraud and identity theft.
We offer a range of services that support the compliance requirements, such as data breach protection, vulnerability scanning, penetration testing, mobile device security, and information security training. A data breach is expensive and damaging for any company, which is all the more reason for businesses that handle cardholder data to be PCI DSS compliant. We can help you achieve your information security goals and, with them, PCI compliance.