Compliance Services

Protect your Clients and your Organization.

If the 1990s were the age of the dot-com, then the 2000s can easily be considered the age of compliance. Government legislation such as HIPAA, Gramm-Leach-Bliley and the Sarbanes-Oxley Act (SOX) requires businesses to adhere to strict regulations.

Compliance issues dominate many industries and weigh heavily on the executives of these organizations. The cost of implementing and maintaining procedures that satisfy industry regulatory bodies continues to rise, in real financial terms as well as in resources and skills.

Financial Services

To satisfy the auditors of the Gramm-Leach-Bliley Act (GLBA), organizations must implement, on behalf of their consumers, an information security program that protects non-public information. The Federal Trade Commission implemented GLBA by issuing guidelines for the Privacy rule, the Safeguards rule and the Pretexting rule.

Planit can help financial institutions identify the critical assets associated with any consumer non-public information and the risks associated with those assets, evaluate the controls currently in place, and, based on current best practices, ensure that those controls are adequate to mitigate the threats identified. Our services include:

 

- Risk and Vulnerability Assessments
- Business Continuity and Disaster Recovery Planning
- Service Provider Contract Assessments to comply with GLBA rules
- Meeting with your auditors to discuss your compliance manual
- Regular updates of the vulnerability assessments
- Employee awareness and training

Our methodologies are based upon those of the National Institute of Standards and Technology (NIST), the industry standard in managing compliance audits for GLBA.

Health Services

The first-ever federal privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers took effect on April 14, 2003. Developed by the Department of Health and Human Services (HHS), these new standards under the Health Insurance Portability and Accountability Act (HIPAA) provide patients with access to their medical records and more control over how their personal health information is used and disclosed.

The HIPAA Security rule specifies a series of administrative, technical, and physical security procedures that covered entities must use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications.

Planit can help health-based organizations identify the risks associated with the critical assets that hold any patient non-public information, and implement a Disaster Recovery and Business Continuity plan to ensure that the data is safe, secure and available.

Publicly Traded Companies

The Public Company Accounting Reform and Investor Protection Act of 2002 (the Sarbanes-Oxley Act) was passed to control the accuracy and attestation of financial information from publicly traded companies.

Section 404 (SOX-404) deals specifically with technology compliance. The general purpose of a Section 404 internal audit is to identify weaknesses and deficiencies in IT controls and to resolve them prior to an external audit.

The de facto standard for the internal audit is COSO (the Committee of Sponsoring Organizations framework). The COSO framework identifies how control risks should be identified within processes and the control methods used to mitigate those risks.

Planit can help publicly traded organizations identify the risks and current controls associated with their financial information and evaluate whether there is a gap between the controls in place and those needed to satisfy your external auditors. Our services include:

 

- Risk and Vulnerability Assessments
- Business Continuity and Disaster Recovery Planning
- Service Provider Contract Assessments to comply with SOX-404
- Meeting with your auditors to discuss your compliance manual
- Regular updates of the compliance manual
- Employee awareness and training

 

 

Planit's approach to helping your organization with its compliance challenges is to work with you through your organization's processes, not just technology-related issues. By understanding the way your technology is used and how it interacts with your internal and external needs, the right risks can be identified and the right controls implemented where needed.

Realizing the full POTENTIAL that Technology Promises and

Protecting Against Risks that Mismanaged Technology Creates