Compliance Audits

Ensure regulatory adherence, identify security gaps, mitigate risks, and protect your institution from legal penalties and reputational damage.

SIG Cyber offers Comprehensive Compliance Audits

Whether you are required to comply with the FTC Safeguards Rule, PCI DSS, HIPAA, State Privacy Laws, NIST, or other requirements, SIG Cyber will partner with you to accurately scope your environment, determine the applicability of controls, and validate your compliance efforts.

Scoping

The size of your scope will have a direct impact on the cost, complexity, and difficulty of meeting and maintaining compliance standards. Your auditor will work with you on strategies to minimize your scope to maximize your return on investment for compliance efforts.

Interpreting

Depending on your scope and business processes, controls may be applicable to your entire environment, a subset of processes, or not applicable whatsoever. Your auditor will work with you to explain each requirement, its intent, and how it applies to your organization.

Validating

Having a certified third-party organization attest to your security posture demonstrates that you take security seriously and are meeting the applicable standards. This adds credibility to your compliance efforts and shows due diligence.

Compliance Audit Requirements

PCI DSS

If your organization stores, processes, or transmits credit card information, you are required to adhere to the Payment Card Industry (PCI) Data Security Standard (DSS). SIG is certified by the PCI Security Standards Council (SSC) as a Qualified Security Assessor (QSA), allowing us to certify your PCI compliance efforts.

HIPAA

Educational institutions that collect or manage electronic protected health information (ePHI) are required to meet Health Insurance Portability and Accountability Act (HIPAA) requirements. SIG Cyber can help you determine whether you are meeting the requirements laid out in the Security Rule and prove to outside organizations that you are maintaining compliance.

CMMC

The Cybersecurity Maturity Model Certification (CMMC) was developed to safeguard sensitive unclassified information handled by all contractors and subcontractors to the United States government. SIG Cyber can partner with you to assess your scope, ensure applicable requirements are met, and complete your required annual self-attestation.

FTC Safeguards Rule

The Federal Trade Commission’s (FTC) standards for safeguarding customer information, better known as the FTC Safeguards Rule, require covered financial institutions to comply with a minimum set of security standards. This includes higher education institutions that accept financial aid, and non-compliance can result in steep fines for your school.

CIS Critical Controls

If your organization wants to demonstrate compliance with an industry-recognized standard, but does not fall into any of the above categories, the Center for Internet Security’s (CIS) Critical Security Controls may be a good fit. This internationally-recognized list of the most important security controls can be applied to your organization to demonstrate your adherence to information security best practices.

Expertise

We understand that you are looking for a security expert.

SIG is a CREST-accredited penetration testing provider and is well versed in the specific student information systems that hold your institution’s most sensitive data. Our engineers are masters of their craft and hold industry leading certifications including:

* Certified Red Team Operator (CRTO)

* Cisco Certified Network Associate (CCNA)

* CMMC Registered Practitioner

* CompTIA A+

* CompTIA Network+

* CompTIA PenTest+

* CompTIA Project+

* CompTIA Security+

* CREST-Accredited Penetration Testing Provider

* CREST-Registered Penetration Tester (CRT)

* CyberLock Cyber Essentials Plus

* EC-Council Certified Ethical Hacker (C|EH)

* EC-Council Certified Incident Handler (E|CIH)

* GIAC Certified Incident Handler (GCIH)

* GIAC Foundational Cybersecurity Technologies (GFACT)

* GIAC Information Security Fundamentals (GISF)

* GIAC Penetration Tester (GPEN)

* GIAC Python Coder (GPYC)

* GIAC Security Essentials (GSEC)

* GIAC Web Application Penetration Tester (GWAPT)

* HTB Certified Bug Bounty Hunter (HTB CBBH)

* INE Security: Certified Prof Penetration Tester (eCPPT)

* INE Security: Junior Penetration Tester (eJPT)

* INE Security: Web Application Penetration Tester (eWPT)

* INE Security: Web Application Penetration Tester (eWPTX)

* ISACA: Certified Information Security Manager (CISM)

* ISACA: Certified Information Security Auditor (CISA)

* ISC2: Certified Information Security Professional (CISSP)

* ISC2: Info Systems Security Architecture Professional (ISSAP)

* OffSec Certified Professional (OSCP)

* OffSec Web Expert (OSWE)

* OffSec Wireless Professional (OSWP)

* PCI Security: Qualified Security Assessor (QSA)

* PeopleCert: ITIL Foundation

* SOC 2 Type II (SIG Cyber)

* TCM Practical Network Penetration Tester (PNPT)