Whether you are required to comply with the FTC Safeguards Rule, PCI DSS, HIPAA, State Privacy Laws, NIST, or other requirements, SIG Cyber will partner with you to accurately scope your environment, determine the applicability of controls, and validate your compliance efforts.
The size of your scope will have a direct impact on the cost, complexity, and difficulty of meeting and maintaining compliance standards. Your auditor will work with you on strategies to minimize your scope to maximize your return on investment for compliance efforts.
Depending on your scope and business processes, controls may be applicable to your entire environment, a subset of processes, or not applicable whatsoever. Your auditor will work with you to explain each requirement, its intent, and how it applies to your organization.
Having a certified third-party organization attest to your security posture demonstrates that you take security seriously and are meeting the applicable standards. This adds credibility to your compliance efforts and shows due diligence.
Compliance Audit Requirements
If your organization stores, processes, or transmits credit card information, you are required to adhere to the Payment Card Industry (PCI) Data Security Standard (DSS). Triaxiom Security is certified by the PCI Security Standards Council (SSC) as a Qualified Security Assessor (QSA), allowing us to certify your PCI compliance efforts.
Educational institutions that collect or manage electronic protected health information (ePHI) are required to meet Health Insurance Portability and Accountability Act (HIPAA) requirements. SIG Cyber can help you determine whether you are meeting the requirements laid out in the Security Rule and prove to outside organizations that you are maintaining compliance.
The Cybersecurity Maturity Model Certification (CMMC) was developed to safeguard sensitive unclassified information handled by all contractors and subcontractors to the United States government. SIG Cyber can partner with you to assess your scope, ensure applicable requirements are met, and complete your required annual self-attestation.
FTC Safeguards Rule
The Federal Trade Commission’s (FTC) standards for safeguarding customer information, better known as the FTC Safeguards Rule, require covered financial institutions to comply with a minimum set of security standards. Covered institutions include higher education institutions that accept financial aid, and non-compliance can result in steep fines for your school.
CIS Critical Controls
If your organization wants to demonstrate compliance with an industry-recognized standard but does not fall into any of the above categories, the Center for Internet Security’s (CIS) Critical Security Controls may be a good fit. This internationally recognized list of the most important security controls can be applied to your organization to demonstrate your adherence to information security best practices.