OUR SERVICES COMPLIANCE
The compliance services we offer are designed to help companies take the right steps to comply with the relevant laws and regulations, such as the Federal Information Security Management Act (FISMA) or the HIPAA Security Rule. We can perform an assessment that helps you understand how well your company is complying, or help you work out what steps to take to further your compliance.
COMPLIANCE HIPAA SECURITY RULE ASSESSMENT
If you are a business associate or a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, you are required to have policies that comply with the HIPAA Security Rule. The HITECH Act also requires organizations that store protected health information on their systems to have procedures in place for reporting a breach of such unprotected data.
We can help by running an assessment to determine your organization's compliance with the HIPAA Security Rule, and we will also critically assess your breach reporting procedures against the HITECH requirements.
You will then receive a findings and recommendations report containing everything you need, including the corrective actions you can take to ensure that you are complying with the HIPAA Security Rule and the HITECH requirements.
GLBA stands for the Gramm-Leach-Bliley Act, which requires businesses in the financial industry to disclose their information-sharing practices to their customers. The act was passed in 1999 and is now one of the key pieces of legislation for ensuring that consumers understand how their information is used. We can help by examining the technical, physical and administrative safeguards that have been put in place to protect customers' data, to make sure that the company is operating within the guidelines laid out by the Federal Financial Institutions Examination Council (FFIEC).
Once this has been completed, you will receive a findings and recommendations report detailing everything that was examined, including anything that bears on your company's compliance under the GLBA and the FFIEC guidelines. The report also lists findings and recommendations, with suggestions for how to act on them, that you can use to make sure your business is up to code.
COMPLIANCE FISMA / NIST ASSESSMENT
We can help your organization if you are required to comply with FISMA, which may require an assessment of your security controls against the standards of the National Institute of Standards and Technology (NIST).
We complete the assessment in accordance with NIST Special Publication 800-53A, using the assessment procedures found in its Appendix F, the 'Assessment Procedure Catalogue.'
You will receive a findings and recommendations report containing all the information you need, including recommendations for corrective action to ensure that you are complying with FISMA.
We provide these services to all industries. Whether you work in claims processing, debt collection or transport and logistics, we can help you. We also serve the following industries:
- Third-Party Administrators
- Payroll Processing / HR
- Accounts Receivable Management Services
- Merchant and Credit Card Processing
- Print and Mail Service Providers
- Software Development and Maintenance Service Providers
- Credit Card Payment Processors
- Defined Contribution Plan Record-keepers
- Cloud Service Providers
- Infrastructure-as-a-Service (IaaS) / Data Center Hosting / Colocation Providers
- Platform-as-a-Service (PaaS)
- Software-as-a-Service (SaaS) / Application Service Providers
- Investment Managers / Advisors
- Stock Transfer Agents
- Hosted and Managed IT
- Financial Services
- Business Process Outsourcing
MINIMUM ACCEPTABLE RISK STANDARDS FOR EXCHANGES (MARS-E)
In 2010, the Patient Protection and Affordable Care Act (ACA) led to the creation of Health Insurance Exchanges (HIXs), which manage the purchase of health insurance. This matters because HIXs handle all of the following:
- Personally Identifiable Information (PII)
- Protected Health Information (PHI)
- Federal Tax Information (FTI)
HIXs also need data from a range of federal agencies, which can include:
- Department of Health and Human Services (HHS)
- Internal Revenue Service (IRS)
- Social Security Administration (SSA)
- Department of Homeland Security (DHS)
These bodies are required by law to protect the security and privacy of their IT systems, the information held on them, and who has access to that data. MARS-E provides a minimum set of standards for acceptable security risk that HIXs must address. They should also always aim to comply with the regulations that may apply under HIPAA, FISMA, the ACA, HITECH or state requirements.
If your business is an ACA Administering Entity, you are required to have policies and procedures that protect privacy and security as laid out by the ACA under MARS-E.
We can help by performing an attestation engagement to help you understand your organization's compliance with the MARS-E requirements.
INDUSTRIES DEPTH & DIVERSITY
Our team is uniquely qualified, so you can rest assured that we have everything we need to serve you. Our team's experience guarantees an excellent understanding of information technology, which gives us the edge we need to serve a wide variety of industries.