Abidance Consulting

Compliance

FISCAM

The FISCAM provides a methodology for performing information system (IS) control audits in accordance with GAGAS, where IS controls are significant to the audit objectives. However, at the discretion of the auditor, the manual may be applied on other than GAGAS audits. As defined in GAGAS, IS controls consist of those internal controls that are dependent on information systems processing and include general controls and application controls.


Abidance Consulting can help you create an environment that allows you to comply fully, quickly and seamlessly with the FISCAM / Yellow Book requirements and techniques.

FISMA

FISMA assigns responsibilities to various agencies to ensure the security of data in the federal government. The act requires program officials, and the head of each agency, to conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely and efficient manner.


Abidance Consulting uses the 9 steps outlined by NIST to assist you in complying with the FISMA rules.

GDPR

A data subject is any person whose personal data is being collected, held, or processed. A major part of the European Union’s General Data Protection Regulation (GDPR) is letting individuals choose and control what happens to their personal data. Under the GDPR, individuals can ask companies to access and correct errors in their information, delete personal data, and object to processing their data.


As the old saying goes...It Takes Two To Tango...


There are two entities involved in every GDPR transaction...there is the Data Controller and the Data Processor.


As the data controller, a person is able to determine the personal data a processor may process and store on their behalf. If a person uses a data processor's cloud solutions, they may process personal data for the individual depending on the products and solutions the individual uses and the information the individual chooses to send to their account or service. As a controller, the individual will provide privacy notices to individuals who engage with their brands detailing how they collect and use information, and obtain consents, if needed. If those individuals want to know what data the controller maintains about them or decide they want to discontinue their relationship with the controller, the controller will respond to those requests.


When a data processor provides software and services to an enterprise, they are acting as a data processor for the personal data the individual asks the data processor to process and store as part of providing the services to the individual. A data processor will process personal data only in accordance with the individual's company's permission and instructions, for example, as set out in the individual's agreement with the data processor. Where the individual's data is in a cloud solution and the individual needs the data processor's assistance with any individual consumer requests, the data processor must partner with the individual through processes, products, services, and tools to help the individual respond.


The GDPR rules/requirements are complicated and can be very time consuming. That's where Abidance Consulting comes in and can assist your organization in making sure that you acquire and maintain regulatory compliance and that your compliance program is ready for an audit.

HIPAA

HIPAA has been around since President Bill Clinton signed it into law in 1996. HIPAA consists of two primary sections...Privacy & Security. These two areas make up 99% of the HIPAA laws. The other 1% falls under training. Without proper training, many medical personnel are not able to fully understand the ramifications of not complying with HIPAA.


Abidance Consulting staff have an average of 13 years of HIPAA experience with one of the Directors having 20 years of HIPAA experience in the medical, insurance and state levels as it pertains to regulatory compliance, creating compliance programs and preparing for HIPAA audits.

NERC

Like HIPAA, NERC has two primary sections...693 (Reliability) and 706 (CIP). Abidance Consulting cut its teeth on NERC for right at 10 years. During that time, several Abidance Consulting staff were, and still are, members of the NERC CIP Standards Development Team (SDT).


Abidance Consulting has participated in more than 140 audits since 2007 with not a single monetary penalty for our clients.


  

Due to the multiple changes that are occurring this year and the NERC CMEP requirements, Registered Entities, now more than ever, need assistance with their NERC compliance efforts. Many Responsible Entities do not have staff with the necessary time to dedicate to this ever-changing environment or the skill sets required to implement a proper NERC compliance program based on the CMEP.

NIST

NIST consists of three main sections:


  • One - The framework Core. This is divided into 5 sections – Identify, Protect, Detect, Respond, and Recover. It’s here that security architects can find a wide range of actions, outcomes and useful references describing the different best practice paths usually employed in raising an organization’s cyber security level.
  • Two - The framework Profile. This is a future state that specifies the objectives the business wants to achieve as part of their approach. And of course, no two company profiles are the same because it takes into account their own unique circumstances, such as budget, threats, and chain of procurement.
  • Three - Implementation Tiers. These can be used to determine a company’s cyber security strategy maturity by comparing the on-site circumstances with the framework’s directives. There are 4 levels of maturity: Partial, Risk Informed, Repeatable, and Adaptive.


Abidance Consulting will work closely with your team to ensure that all areas of the NIST framework are not only designed and implemented, but also thoroughly tested and "banged around" to ensure your program is fully protected.

Other Regulatory Compliance

Now, you didn't really think that we only worked with 6 regulatory compliance requirement areas, did you?


Truth be told, there are so many regulatory compliance requirements running around out there that Abidance Consulting works with that we couldn't list them all...there's not enough space on the Internet!


Along with the six regulatory compliance requirements listed above, Abidance Consulting is also capable of assisting you with the following compliance programs and audits:


Bring Your Own Device (BYOD)

California Consumer Protection Act (CCPA)

Virginia Consumer Data Protection Act (CDPA)

California Privacy Rights Act (CPRA)

Chemical Facility Anti Terrorism Standards (CFATS)

Colorado Privacy Act (CPA)

EDI/Vendor Management

FDA

General Data Protection Regulation (GDPR)

G-L-B-A

IoT - Internet of Things

ISO-27002

Lei Geral de Protecao de Dados (LGPD)

NIPP - Water

Patch Management

PCI

Protection Of Personal Information (POPI)

Sarbanes-Oxley (SOX) - Section 404

SOC I & SOC II Preparation


There are many other areas, but we figured you got the idea...if it relates to privacy & regulatory compliance, Abidance Consulting can help you.


A Member of The Holler Group, LLC


Copyright © 2014-2024       Abidance Consulting - All Rights Reserved.

