top of page

IT and Regulatory Compliance

Yea, we know... IT Compliance can make most people want to throw themselves off a cliff. 

​

But we know how to make it less painful. â€‹We have been implementing IT Compliance programs and performing compliance assessments for a long time from HIPAA, PCI DSS and Sarbanes-Oxley compliance to various FDA, ISO and NIST SP-800 standards assessments for specific compliance objectives, and the recent GDPR compliance. We have the assessment process down to a science and can quickly assess your internal controls on IT operations, systems management, policies and procedures, logical access controls, and the whole realm of detection and preventative controls. We can also automate the process so it's not a once a year headache but part of your business-as-usual processes.  

​

Here are some of the IT Compliance services we have provided for our clients, which can be customized to address your specific needs:

  • PCI DSS Compliance:

    • PCI Readiness Assessments and Strategic Planning

    • PCI Gap Assessments and Remediation

    • PCI SAQ Qualification, Selection, and Submission Assistance

    • PCI Scope and Asset Identification

    • PCI Scope Reduction and Maintenance Strategies

    • Policies & Procedures and Standards Assessment/Development

  • HIPAA Compliance:

    • HIPAA Assessments with the Security and Privacy Rules and HITECH Act

    • ePHI identification and protection controls assessment and remediation/implementation

    • Post-incident and reportable data breach assessments

    • Policies & Procedures and Standards assessment/development

  • FDA Regulatory Compliance and Validation:

    • FDA Title 21 CFR Part 11 - Electronic Documents and Digital Signatures Assurance

    • FDA GxP - Good Practice Quality Guidelines and Regulations

  • Sarbanes-Oxley (SOx) Audit of Internal IT Controls (Section 404), based on:

    • ISACA CObIT (Control Objectives for Information and Related Technology) Framework

    • ITGI (Information Technology Governance Institute) Security Framework

  • Various NIST Special Publications:​

    • SP-800 53 ​(Security & Privacy Controls for Information Systems and Organizations)

    • SP-800 30 (Guide for Conducting Security Risk Assessments)

    • SP-800 61 (Computer Incident Handling Guide)

  • ISO (International Standards Organization) - various assessments for compliance with: 

    • ISO 9001:2015 ​Standard for QMS (Quality Management Systems)

    • ISO 27001:2013 for ISMS (Information Security Management Systems)

    • ISO 27002:2022 for Info Security, Cybersecurity, and Privacy Protection 

bottom of page