Important! New mandatory data breach reporting laws may impact your company.

Compliance Management


  1. Risk Assessment

    The purpose of a Business Impact and Risk Assessment is to determine the approximate business value of IT assets, to assess the impact the loss of those assets would have on business units, to assign recovery priorities to the assets, and to produce risk reports and profiles for the business impact analysis. Consider revisiting your Business Impact and Risk Assessment annually.

  2. PCI Compliance

    If you use e-commerce on your website or EFTPOS machines for transactions, then PCI Compliance is necessary to avoid liability in case of a breach and to avoid fines associated with not sufficiently protecting your customers' credit card information. Cybernetic Global Intelligence provides consulting and compliance certification services to help you comply with, and audit against, the PCI DSS standard. These include conducting gap analysis, implementing the necessary controls and preparing the Report on Compliance (ROC) or Self-Assessment Questionnaire (SAQ). The ROC or SAQ is prepared by a QSA independent of any consulting engagement with the client.

  3. HIPAA Compliance

    Any organization maintaining or transmitting electronic protected health information, commonly known as ePHI, must comply with HIPAA. This includes business associates, which are contractors and subcontractors that perform services on behalf of a health insurance provider. ePHI is defined as “identifiable demographic and other information relating to the past, present, or future physical or mental health or condition of an individual.” HIPAA features three components related to data protection: the Security Rule, the Privacy Rule and the Breach Notification Rule. Each one is encompassed by the overarching Omnibus Rule, which took effect in 2013 and made business associates subject to enforcement for the first time. The requirements of the Omnibus Rule were mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed in 2009 as part of the economic stimulus bill.

  4. Data Privacy

    Typically, entities are required to alert consumers whose personal information was compromised in an expeditious manner and without unreasonable delay. Even if the breach affects a third-party company that is maintaining the compromised information, the burden is on the company that owns the data to notify affected individuals.