Compliance
We Take the Pain and Misery Out of Compliance
Almost every business and non-profit organization is subject to at least one set of security or privacy rules, and often more. For most organizations, complying with these rules is tedious, confusing, and downright frustrating. You can breathe a sigh of relief: US itek Compliance helps you stay compliant and secure under the following standards.
- CMMC
- Cyber Insurance
- GDPR
- HIPAA
- NIST Cyber Security Framework
- PCI coming soon
- New York Shield Act coming soon
Are you keeping up to date with your compliance?
We can help with the process of assessing and maintaining compliance to standards regardless of your industry:
- We start with a complete understanding of all the rules that you are expected to follow.
- We establish internal policies and procedures to ensure your organization follows the rules.
- We regularly check and assess whether or not your organization is following the rules.
- We address issues whenever the rules are found not to be followed.
- We document everything.
What is included with US itek Compliance Services?
Regular Comprehensive Compliance Assessments – Using a combination of automated network and computer data-gathering and responses to built-in online questionnaires, US itek Compliance discovers and reports each issue of non-compliance it finds, along with a remediation plan.
Annual Self-Audits – A business consultant conducts an annual audit to identify technical, administrative, or physical gaps in your compliance with the applicable standards.
Remediation Plans – We will identify and create a reasonable plan of action to close the gaps to make your organization compliant.
Policies, Procedures & Employee Training – We help you avoid compliance violations by having documented and well-developed policies, procedures and training to meet regulatory requirements. Get annual (and on-going) learn-from-experience training tailored for your team.
Compliance-Specific Documentation – Most regulations include a list of specific documents – and documentation – that the business must produce and maintain. US itek Compliance does the difficult work of generating the necessary documentation to clearly show compliance regulators that you are making a concerted effort to improve your network security.
Business Associate Management – Business associates and other third-party vendors are often one of your weakest links when it comes to data breaches or attacks. Get an accountability system in place to ensure that your vendors are implementing security measures the way you expect.
Incident Management – In the event of a data breach, you get a defined process to document the breach and notify those who need to know. Have a system and toolbox in place so your team is fully prepared.
Ongoing Compliance Services – US itek runs regular, automated network scans, detects any new issues of non-compliance, and takes corrective action if it falls within the scope of your CareFree IT Managed Services Agreement. Everything we do is recorded in the system as evidence of compliance.
Assistance with Audits – In the event of an audit, there is no need for a mad scramble to gather the volumes of documents an auditor will ask for. US itek Compliance continually collects and archives all evidence of compliance in one place, making it simple to respond. Business consulting services are available to assist you with audits.
CMMC Compliance
The new Cybersecurity Maturity Model Certification (CMMC) standard is here, and it’s being rolled out for the 300,000 non-federal organizations that make up the Pentagon’s supply chain in a staged fashion over the next five years.
The core framework for this five-level cybersecurity standard is defined and published, and the government is moving as fast as it can to build out the large infrastructure of trainers, assessors, and documentation needed to support it.
US itek Compliance for CMMC guides you through the certification-readiness process, and once certified, helps you document your ongoing compliance to the standard.
If you currently do business with the Department of Defense (DoD), or if you are in the DoD supply chain as a vendor to a DoD contractor or manufacturer, you now face significant new assessment and documentation requirements for your cybersecurity practices.
CMMC VS. NIST 800-171
CMMC was created to make defense contractors more accountable for protecting the privacy and security of sensitive government contract information. Even though it will take years to implement fully, components of it are already in place, and it is important for contractors and supply-chain vendors to start preparing now.
Meanwhile, the DoD has just released an Interim Rule designed to strengthen the reporting and compliance requirements around the current DoD cybersecurity standard, NIST SP 800-171. DoD is now taking comments on the new rule, which will require DoD contractors on all new contracts to perform their own guided 800-171 compliance self-assessments and to submit their score, together with details of the System Security Plan it covers, to the government.
When this interim rule takes effect, we will have new tools to streamline the self-assessment, score it automatically, and generate all the necessary documents.
In the meantime, organizations should adopt US itek Compliance now and begin the onboarding process so that they are ready for these new requirements.
Cyber Insurance
With an alarming uptick in data breaches and ransomware in recent years, an increasing number of businesses have opted to add Cyber Risk Insurance to protect themselves from catastrophic loss.
But as the threat landscape continues to expand, many insurance companies are restricting payouts by adding claim exceptions and exclusions. Some of these are clearly stated, while others are buried in confusing policy applications. This leaves many policy-holders at risk of being left holding the short end of the stick when the insurer looks for a reason to disqualify a claim.
Cyber Insurance Compliance helps ensure that companies with Cyber Risk Insurance actually get paid in the event of a claim: it verifies the accuracy of the information submitted on the original insurance application and then documents, on an ongoing basis, that the business has exercised "due care" to reasonably secure its network against a breach.
Keep Your Business or Non-Profit in Compliance with Its Policy Terms.
Unlike other types of compliance, there is no official "standard" for Cyber Insurance Policies. Each underwriter creates its own definition of coverage and its own set of exclusions. Your requirements are defined by the answers you gave on the application when applying for coverage, together with the terms and conditions stated in the carrier's policy.
We have compiled the application forms from the top cyber insurance carriers, extracted their technical requirements, and built them into the Cyber Insurance Compliance Tool. Selecting one or more carriers creates the specific "standard" with which your environment must comply; the US itek Compliance platform does the rest.
Using Cyber Insurance Compliance substantially strengthens your claim by providing hard evidence and documentation of the due care you exercised to secure the environment, a requirement found in virtually every cyber insurance policy.
GDPR Compliance
GDPR Compliance automates the production of mandatory reporting under GDPR, including the results of monthly scans designed to uncover GDPR-related network issues and potential breaches.
What is GDPR?
GDPR, the General Data Protection Regulation, is an EU regulation that applies directly in every EU member state (and, through the UK GDPR, in the United Kingdom). Any organization anywhere in the world that processes or retains the personal data of individuals in the EU, for example by offering them goods or services or by monitoring their behaviour, falls within its scope and is subject to enforcement.
HIPAA Compliance
HIPAA Compliance provides a step-by-step framework to help you tackle HIPAA audits and compliance. We have taken the guesswork out of compliance-as-a-service by automating the production of mandatory reporting under HIPAA. Our solution compares the results of the manual surveys and worksheets with data from our automated scanning to uncover HIPAA-related network issues, policy flaws, and potential breaches.
What is HIPAA?
HIPAA, the Health Insurance Portability and Accountability Act, was passed by Congress in 1996. Since then, the impact of the legislation has been keenly felt by doctors' offices and hospitals that are ill-prepared to deal with data and network security. Sadly, HIPAA violators can face fines and business repercussions (such as loss of patients) severe enough to force a practice to close within months. US itek HIPAA Compliance provides the documentation and remediation plans needed to get your practice compliant.
HIPAA COMPLIANCE KEY FEATURES:
US itek HIPAA Compliance includes:
- Basic Security Rule Assessment
- HIPAA Evidence of Compliance reports
- Local data collectors for computers that cannot be scanned remotely
- Results of the ePHI scan
- Role-based designations and assignment of tasks
- Enhanced Security Rule Assessment
- HIPAA Auditor Checklist report
- HIPAA Policy and Procedure Validation
- Internal Auditor support and view
- Subject Matter Expert (SME) invitation to collaborate
- Designed for ongoing assessments
- Windows installer
- Spreadsheet-based input for rapid data entry
- Step-by-step workflow
- Guidance on answering HIPAA compliance questions
- Automated data collection at the client site
- ePHI validation
- Enterprise version available for resale
- Built-in automated report generation
- Audit log that tracks assessment activities for auditor review
- Administrative alerts for scan issues
NIST Cyber Security Framework Compliance
Compliance for NIST CSF automates the production of best-practice reporting under the National Institute of Standards and Technology's (NIST) Cyber Security Framework (CSF). We act as your compliance expert and guide you through the process using a combination of automated network data scans and responses to dynamically generated questionnaires. The result is a set of reports you can use to identify gaps and non-compliance with your own cybersecurity policies.
What is the NIST CSF?
The NIST Cyber Security Framework (CSF) is a voluntary framework of computer-security guidance that describes how private-sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.