Security Audit and Compliance
Our cybersecurity audit and compliance process conducts an organization-wide review to ensure that correct and up-to-date processes and infrastructure are in place. We conduct a series of tests that confirm that information security meets the organization's expectations and requirements. During this process, employees are interviewed regarding their security roles and other relevant details.
Our Security Compliance line of services assists organizations in maintaining the specific security regulations and standards required of them by law. With a solid understanding of the evolving security and privacy controls environment, the regulatory landscape and risk management techniques, our seasoned team has the experience and knowledge to perform risk and compliance assessments and to implement industry standards and regulatory requirements such as HIPAA, HITRUST, HITECH, FISMA, NIST, ISO 2700X, COBIT, FFIEC, NERC CIP, etc.
MasonBlue provides guidance on security and privacy regulatory and industry-standard requirements for our clients, facilitates security risk assessments, maintains a collaborative working relationship, and offers leadership as needed to keep abreast of developments in the information security space from both a strategic and a technical perspective.
Capabilities
Our comprehensive standards-based security programs enable organizations to evaluate their security in accordance with the Federal Information Security Management Act (FISMA), as defined in the five-level Security Assessment Framework (SAF). We also support compliance with regulatory requirements in the commercial sector such as GLBA, HIPAA and Sarbanes-Oxley, international standards such as ISO-17799, and industry best practices.
In short, we apply the standards and controls applicable to your organization based on the industry you serve:
- Federal Information Security Management Act (FISMA)
- Five-level Security Assessment Framework (SAF)
- HIPAA/HITECH Security, Privacy and Breach Notification Rules
- Generally Accepted Privacy Principles (GAPP)
- EU's General Data Protection Regulation (GDPR)
- ISO/IEC 27001-2:2013
- CIS Top 20 Critical Security Controls (CA AG requires)
- SEC OCIE Cybersecurity Initiative
- NIST Cybersecurity Framework
- Applying Risk Management Program Management and Principles