Preserve Client Identities

Companies are required to comply with security regulations and with legal or contractual obligations in order to protect their corporate and client information.

You want to preserve your client identities by protecting their credit card, personal or medical information.



Compliance

Our Approach

This is how we help you


Phase 1

Scope Discovery

We will define the scope of compliance that is specific to each company. Once identified, our objective is to reduce it to what is necessary and avoid compliance fatigue.


Phase 2

Gap Assessment

We conduct a diagnostic of your current security posture against the compliance requirements. Our objective is to identify gaps, obtain the most realistic picture of the situation and estimate the effort necessary to become compliant.


Phase 3

Remediation

We support you in the process of achieving compliance. Our goal is to determine the best strategy to fill your gaps, be your Security Subject Matter Expert (Virtual CISO) and provide you with advisory services.



Standards that we support


PCI DSS

Payment Card Industry – Data Security Standard

A set of security standards outlined to ensure that businesses that process debit or credit card information operate in a secure environment. If your company accepts card payments, then you MUST protect your cardholder data yourself or securely host it through a PCI compliant hosting provider.

ISO 27001

ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.


SOC2

System and Organization Controls

Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy


HIPAA

To improve the efficiency and effectiveness of the health care system, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, included Administrative Simplification provisions that required HHS to adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security.


GDPR

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.

CMMC

Cybersecurity Maturity Model Certification

The DoD is now requiring contractors to be certified in order to prove controls are in place to protect sensitive data including Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The CMMC model accounts for best practices of different cybersecurity standards such as NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933, and others into one collaborative standard for cybersecurity.

The CMMC has five defined levels, where each level has a subset of practices and processes to support the various levels of engagement.


CMMC Levels

Level 1: Safeguard Federal Contract Information (FCI)

Level 2: Serve as a transition step in cybersecurity maturity progression to protect Controlled Unclassified Information (CUI)

Level 3: Protect Controlled Unclassified Information (CUI)

Levels 4-5: Protect CUI and reduce the risk of Advanced Persistent Threats (APT)


You Are in Good Hands

FOCUS ON YOUR BUSINESS