Compliance

Document Sample
Compliance Powered By Docstoc
					Compliance
In today’s business climate, assessing and addressing your regulatory compliance needs has
become a top concern. It’s not enough to try and meet the law; it is a company’s duty to
ensure compliance for the sake of their business, their clients, and their customers. At
Guidance Consulting, we understand the importance of properly managing data and how to
keep it protected. We will work with you to develop a compliance plan, to keep it up to date,
and to integrate it with the full scope of your technological needs.

Different industries require different approaches, and we have a thorough understanding of
compliance laws and how to implement the technological aspects of these regulations in
your business. Whether you need some help keeping your financial records compliant or you
want to protect the safety and integrity of your clients’ personal records, we have the
experience and expertise to make it happen.

The nature of business has changed, and we have a wealth of technology at our fingertips.
By properly harnessing and securing it, we can make your data easier to find, more secure,
and most of all, compliant with the most current regulations and laws. Your business
deserves no less – and at Guidance Consulting, we put your needs first.




PCI
If your business takes in your clients’ and customers’ financial data, then chances are PCI
applies to you. The Payment Card Industry Data Security Standard, or PCI, is a set of rules
regarding how businesses process credit card data. It also governs how they secure and
hold this sensitive information after the transaction has been completed. If your company
processes, holds, or passes along any credit card data, this regulation almost certainly
applies to your business.

The goal of PCI is to eliminate consumer credit card fraud. In order to keep fraud at a
minimum, there are certain standards and regulations that you must meet regarding how
you hold the credit card data. At Guidance Consulting, we understand the trust that your
clients and customers have placed in you, and we know that you need to stay compliant not
just to follow the law, but because it’s the best thing for your business.

To comply with PCI, we can help you:

Review the IT side of the Payment Card Industry Data Security Standard Examine how your
business handles sensitive credit card data Develop a plan to ensure that you are compliant
with PCI Integrate this plan with the rest of your IT security needs Regularly reassess your
approach to PCI as your business evolves

In order to comply with the Payment Card Industry Data Security Standard, your company
must not only follow the regulations, but also submit to an annual assessment to make sure
you are in compliance. By contracting with major credit card issuers, you are contractually
obligated to keep your processes and records in compliance. If your company isn’t
complying with these regulations, the credit card companies may require audits, fine you, or
terminate their contracts with you. At Guidance Consulting, we understand the significance
of this risk, and we will work with you to ensure your data is in compliance with PCI through
innovative and secure IT solutions.




SOX
The Sarbanes-Oxley Act of 2002, or SOX, made some tremendous changes to federal law. If
your company is publicly owned, managed, or is a public accounting firm, this act applies to
your business, and it’s critical that you stay compliant. By working with you to streamline
your technological needs and to make sure your data is properly compiled, we can help you
meet your goals and to stay in compliance with the law.

One of the major changes SOX made to the business world was by imposing restrictions on
how companies can compile and present their financial data. Among other parts of the
legislation, it requires that senior executives take personal accountability for the accuracy
and completeness of the company’s financial reports. It’s not just about making sure there
is someone to blame, however. Federal law requires being in compliance with SOX, and if
audits show you aren’t compliant, there can be severe legal consequences. At Guidance
Consulting, we know that fulfilling these requirements is essential to the success of your
business. We will work with you to ensure that you are meeting all of the requirements of
SOX on the technology end of the spectrum. We can help you to: Ensure that your data is
being properly stored Help your data retrieval so that you know the data you pull is
accurate Review your software to make sure it is properly figuring financial data Automate
SOX compliance SOX has many specific requirements, and we are here to help you meet or
exceed them as efficiently as possible. By automating your SOX compliance, we can help
keep your business running smoothly and your data in line. We know how critical it is to
follow these laws, and we have the experience and expertise to make this happen.




HIPAA / HITECH
If you are responsible for any data on patients and their health care, HIPAA applies to you.
HIPAA, the Health Insurance Portability Act of 2002, regulates how health insurance policies
can be transferred, but it also directly states how a patient’s personal data may be used,
stored, and shared. This is a federal regulation, and maintaining compliance is crucial for
your business.

Coupled with HIPAA is HITECH. HITECH stands for Health Information Technology for
Economic and Clinical Health Act. In brief, this Act increases the duty of businesses that
hold protected health information to not only properly store, use, and protect the data, but
also to notify the appropriate parties if there is a breach of security in the data system.
What this means for you is that you need to have your system secure and also have a plan
in place to notify the appropriate parties if a breach occurs.

At Guidance Consulting, we know that staying in compliance is your top priority. We will
work with you to:

Secure your private data Store this data properly Help you to make the data accessible only
to people who need access to it Formulate a plan of action in the event of a breach
Automate the notification system Keep you in compliance with the law

We understand that HIPAA and HITECH are complicated pieces of legislation, and that
complying with them is important for your business and its reputation. We will work with
you to form a plan that is tailored to your specific needs based on the data you use, store,
and access. We are here to secure your data as well as to integrate technology efficiently
into your business goals.




GLBA
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization
Act of 1999, changed the way in which banks, securities companies, and insurance
companies can merge and do business. What it also did was to give businesses a new and
greater duty to protect nonpublic information.

If you are involved in the financial services industry, you may be required to send privacy
notifications to your customers as well as ensure that their personal data is secure. Another
requirement is to have a written plan of action detailing the preparations you have taken to
protect your customers’ data, as well as how you plan to continue protecting it. At Guidance
Consulting, we can work with you to develop this plan and implement it with the highest
level of security procedures. We will also test your system security and help you to monitor
it to ensure that the data you hold is protected.

To help you meet your compliance needs, we can:

Automate your notification system Secure your customer data Perform tests on your
security to make sure there are no weaknesses Help you plan for your future IT security
needs Work with you to formulate a plan of action in the event of a breach Monitor and
update your security procedures

Compliance may not be an option, but you can choose the most efficient methods to ensure
you are on the right side of the law. We understand the complexities of these regulations,
as we can implement the best means to integrate your data and notification requirements
with innovative technology and solutions.
Red Flags Rules
The world of technology is growing increasingly complex, and there are now Red Flags Rules
that help consumers protect their identities from theft. What this means for your business is
that if you are a financial institution or a creditor, you need to have a written program in
place to help deal with the threat of identity theft.

It’s no longer enough to just protect your consumers' private data. While this is still an
important part of preventing identity fraud, you are now required to take these measures
one step further. As part of the Fair and Accurate Credit Transactions Act of 2003, your
business is required to have plans in place to detect, identify, and respond to “red flags.”
These “red flags” are signs that an identity has been stolen and that there is fraudulent
activity on an account.

At Guidance Consulting, we know that having the most comprehensive detection systems in
place can help to minimize identity theft. The earlier you can detect it, the more you can do
to stop it, to mitigate the damage, and to help prevent it from happening again. We will
work with you to:

Develop a list of “red flags” for consumer data and accounts Make plans to mitigate the
damage if there is fraud Secure your consumer data from theft Secure your customer logins
and data access Develop regular reassessments of plans and procedures

We know that keeping your consumer data safe and allowing your customers the freedom to
access their accounts safely and without fear is paramount to your business. We will take
our experience and work with you to form a plan of action that is tailored to your individual
company. With creative solutions for all of your IT security needs, Guidance Consulting can
make it happen.




Federal Government
If your business comes into contact with any sensitive consumer information, chances are
there are federal regulations that apply to the safety and security of this data. Maintaining
the privacy of clients, customers, and patients isn’t just the right thing to do – it’s often
regulated by federal law or overseen by the government-based component of the business
you're in.

Determining how to stay compliant with these regulations can be daunting, but at Guidance
Consulting we have the skill and the experience to work with you to strengthen your IT
security and procedures and to get you into compliance.

By implementing the highest level of security, we will work with you to:

Securely compile and store your sensitive data Ensure that access to this data is protected
Protect your network and systems from attackers hunting for your data Notify your patients
and customers in accordance with federal regulations Streamline the compilation and
reporting of regulated data Build a plan of action in the event of a breach in security Plan for
mitigating the damage on the IT end to a data theft Secure your system for safe consumer
access Build security systems to minimize the risk of identity theft Automate your
compliance needs

As you can see, Guidance Consulting can help you with any type of federal regulatory
compliance under the scope of IT. We pride ourselves on building and maintaining strong
systems while developing innovative solutions for all of your technological needs.




Chemical Industry
If you are in the chemical industry, you’re probably aware of how federal regulations have
tightened up over the past few years. While protecting certain chemicals and substances
from theft and misuse has always been important, it has become extra important to keep
detailed records about certain chemicals and to ensure that they are under lock and key in
the wake of the World Trade Center disaster of 2001.

The Chemical Facility Anti-Terrorism Standards, or CFATS, defines what a high-risk facilities
are. A high-risk facility is subject to more stringent security standards regarding the
physical safety of the substances it holds and creates. It is also required to implement
rigorous security measures to protect against cyberattacks that could compromise security
at the site. This is where Guidance Consulting can help you – we have the experience and
training to implement comprehensive security solutions for your high-risk facility.

We can help you to:

Create the network security portion of your site security plan Review your current
cybersecurity for compliance Implement stringent IT security measures Ensure that access
to records is granted to the correct personnel Build databases to track creation and use of
high risk chemicals Develop a plan of action in the event of a network security breach
Create secure shared databases

At Guidance Consulting, we know that keeping your chemical facilities secure and efficient is
your highest priority. While federal regulations have tightened in the past decade, we can
help you to implement innovative, creative solutions to meet or exceed federal compliance
and to keep your site safe. Comprehensive, innovative technologies can make security and
reporting easier, so let us put out experience to work for you to make it happen.

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:13
posted:5/6/2012
language:English
pages:5