Security Audit and Compliance

Our seasoned team has the experience and knowledge to perform risk and compliance assessments and to implement industry standards and regulatory requirements such as HIPAA, HITRUST, HITECH, FISMA, NIST, the ISO/IEC 27000 series, COBIT, FFIEC and NERC CIP.

Our comprehensive standards-based security programs enable organizations to evaluate their security in accordance with the Federal Information Security Management Act (FISMA) and the five-level Security Assessment Framework (SAF) defined under it. We also support compliance with regulatory requirements in the commercial sector such as GLBA, HIPAA and Sarbanes-Oxley, with international standards such as ISO/IEC 17799 (since superseded by ISO/IEC 27002), and with industry best practices.

In short, we use and refer to the standards and controls that apply to your organization, based on the industry you serve:

  • Information Systems Security Assessment Framework (ISSAF)

  • HIPAA/HITECH Security, Privacy and Breach Notification Rules

  • Generally Accepted Privacy Principles (GAPP)

  • General Data Protection Regulation (GDPR)

  • ISO/IEC 27001:2013 and ISO/IEC 27002:2013

  • CIS Top 20 Critical Security Controls (cited by the California Attorney General as a baseline for reasonable security)

  • SEC OCIE Cybersecurity Initiative

  • NIST Cybersecurity Framework