HIPAA  – The Health Insurance Portability and Accountability Act regulates the security of Protected Health Information (PHI). HIPAA applies to what U.S. Department of Health & Human Services (HHS) defines as Covered Entities and Business Associates that are storing, collecting, accessing, transferring, or otherwise handling private and sensitive patient information.

NIST, DFARS & CMMC 2.0 – National Institute of Standards and Technology (NIST), the Defense Federal Acquisition Supplement (DFARS), and Cybersecurity Maturity Model Certification (CMMC 2.0) are cybersecurity regulations that apply to government and Department of Defense contractors and suppliers. Compliance is mandatory for winning and retaining government contracts. We specialize in NIST 800:171 and NIST 800:172. We also specialize in DFARS 7012, DFARS 7019, and DFARS 7020.

GLBA Compliance – The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, (Pub.L. 106-102, 113 Stat. 1338, enacted November 12, 1999) is an act of the 106th United States Congress (1999-2001).

PCI Compliance  – The Payment Card Industry Data Security Standard (PCI-DSS) regulates the protection of credit, debit, and cash card information for all organizations storing, transmitting, or otherwise handling financial card information and associated cardholder data.

SOC Compliance – AICPA’s Security and Operational Controls (SOC) framework is a voluntary compliance standard applying to service providers, to demonstrate that they are effectively protecting confidential and sensitive client information. We specialize in SOC 2 Type 1 (SOC II Type I), SOC 2 Type 2 (SOC II Type II), and SOC 3 (SOC III).

SOX Compliance – The Sarbanes-Oxley Act of 2002 (SOX) was established to increase transparency in financial reporting and ensure the control and protection of financial data. It applies to all publicly traded companies in the U.S., their wholly owned subsidiaries, and foreign companies that do business in the U.S., as well as accounting firms that audit such companies.

ISO Certification and Compliance – The International Organization for Standardization (ISO) has developed voluntary standards to ensure the quality, safety, and efficiency of products, services, and systems. Relevant ISO certification demonstrates that a business adheres to recognized quality measures in their industry. We specialize in ISO 27001 and ISO 27002.

GDPR – The European Union’s General Data Protection Regulation (GDPR) is a digital privacy law regulating the collection, storage, and use of personal data from EU citizens. Any business offering goods or services to customers within the EU needs to meet its requirements.

CCPA – The California Consumer Privacy Act (CCPA) regulating the data privacy of California residents. For-profit businesses collecting, sharing, or selling personal information from consumers in California, and meeting certain other criteria, are required to meet its provisions.