We understand regulatory requirements – We help ease the burden of compliance.
Creating one system, an alliance of both security and compliance, in a systematic and controlled way is the first step in reducing risk. This alliance will ensure that security controls won’t atrophy, and all the required documentation and reports are accessible for auditing.
Security and compliance are distinct components of a necessary and crucial system. Knowing how each relates to data protection is critical.
Our Compliance experts focus on the data processed and stored by an organization and the regulatory requirements (frameworks) that apply to its protection. A customer may need to align with multiple frameworks, and understanding these frameworks can be difficult. Our Compliance platform includes a workflow automation engine that guides you through the entire process and maintains your organization’s required documentation.
Regulatory Compliance requirements come in the form of legislation, industry regulations, or standards created from best practices.
ResoluteGuard’s Compliance-as-a-Service (CaaS) Solution
ResoluteGuard’s Compliance-as-a-Service (CaaS) solution helps your organization achieve and maintain compliance with multiple regulations, such as HIPAA, NIST CSF, PCI DSS and CMMC.
Specifically, compliance frameworks include:
National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks.
HIPAA (Health Insurance Portability and Accountability Act) legislates how companies must handle and secure personal medical information. HIPAA compliance requires organizations that manage this kind of information to do so safely. Title II is the section that applies to information privacy and security.
Initially, HIPAA aimed to standardize how the health insurance industry processed and shared data. It has now added provisions to manage electronic breaches of this information as well.
The new Cybersecurity Maturity Model Certification (CMMC) was created to inject more defense contractor accountability into the protection and privacy of sensitive government contract information. The Interim Rule took effect on Nov. 30, 2020 with tough new requirements for all new and renewing contracts.
The Sarbanes-Oxley Act (also called SOX) applies to the corporate care and maintenance of financial data of public companies. It defines what data must be kept and for how long it needs to be held. It also outlines controls for the destruction, falsification, and alteration of data.
SOX attempts to improve corporate responsibility and add culpability. The act states that upper management must certify the accuracy of their data. All public companies must comply with SOX and its requirements for financial reporting. Classifying data correctly, storing it safely, and finding it quickly are critical elements of its framework.
PCI DSS is the Payment Card Industry Data Security Standard, created by a group of payment card companies that wanted to standardize how they guarded consumers’ financial information.
Requirements that are part of the standard are:
SOC Reports are Service Organization Control Reports that deal with how a company manages financial or personal information. There are three different SOC Reports. SOC 1 applies to controls over financial information, while SOC 2 compliance and certification covers personal user information. SOC 3 Reports are publicly accessible, so they do not include confidential information about the company. Each report applies to a specific period, and new reports take any earlier findings into account.
The American Institute of Certified Public Accountants (AICPA) defined them as part of SSAE 18.
ISO 27000 Family
The ISO 27000 family of standards outlines minimum requirements for securing information. As part of the International Organization for Standardization’s body of standards, it determines the way the industry develops Information Security Management Systems (ISMS).
Compliance comes in the form of a certificate. More than a dozen different standards make up the ISO 27000 family.
The General Data Protection Regulation (GDPR) is a law passed by the European Union that all member states and the UK have agreed to adhere to. Any company that processes or retains the data of European citizens is subject to enforcement.
The data could be in the form of email addresses in a marketing list or the IP addresses of those who visit your website.