InfoSec Advisors’ Regulatory Compliance Assessment service offers a proactive assessment of how your company complies with the ever-increasing array of regulatory requirements that exist today such as:

  • North American Electric Reliability Corporation (NERC) standards, which exist to assure the reliability and security of the bulk power system in North America
  • Statement on Standards for Attestation Engagements (SSAE 16) of 2011, which governs reporting on controls at a service organization and has replaced SAS 70 as the authoritative guidance for reporting on service organizations
  • Health Insurance Portability and Accountability Act (HIPAA) of 1996, which imposes regulations on group and individual health insurance plans
  • Gramm-Leach-Bliley Act (GLBA) of 1999, which imposes regulations on mergers and acquisitions of financial institutions
  • Sarbanes-Oxley Act (SOX) of 2002, which imposes regulations on U.S. public companies’ boards of directors, management and accounting firms
  • Federal Information Security Management Act (FISMA) of 2002, which imposes regulations on computer and network security in the Federal government and affiliated parties
  • Payment Card Industry (PCI) Data Security Standard, which imposes regulations on the processing of credit card payments
  • Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (Assessment), which helps institutions identify their risks and determine their cybersecurity maturity

Many of our clients engage us to perform the annual assessments that these regulations require. Some clients simply want an objective assessment of the scope of work needed to become compliant. Once an assessment is complete, we can also provide an executable list of prioritized actions to improve compliance, along with a budget and schedule if we are assisting.

Engagement Objectives

  • Provide an understanding of the appropriate regulations and their requirements as they relate to your data, processes, IT and network infrastructures
  • Assess your level of compliance with the appropriate regulations
  • Identify areas of suspected non-compliance
  • Recommend an action plan to begin, improve or achieve regulatory compliance – The key is PROGRESS, NOT PERFECTION!

Benefits

  • An understanding of the regulations impacting your business
  • A report identifying the areas of compliance, non-compliance and maturity level with respect to best practices
  • A plan of action to be taken to improve or become compliant
  • A relationship with a qualified and certified third party who can help you with future compliance issues

Most Frequently Asked Questions

How do I engage InfoSec Advisors to help me with a compliance assessment?

When you contact us about a compliance assessment, one of our security consultants will meet with you to identify and understand your requirements. We will draft a statement of work that accurately describes the work to be done. It includes a timeline along with the cost for performing the work. Our consultant will review the statement of work with you to confirm that it accurately describes the work to be done. After it is signed by both parties, the work is scheduled.

What will my company get from a compliance assessment?

You will get peace of mind. As your certified business partner, we will make sure that you have a clear understanding of your current state of compliance along with recommendations for steps to be taken to become compliant with regulations that apply to your business.