Regulatory Compliance
Pass Your Next Security Audit with Confidence
Have an upcoming IT security audit? We can perform a pre-assessment of your existing security controls and network
infrastructure to identify potential weaknesses prior to your next audit. If you're just starting out, we can help
you select the appropriate technologies, products, and solutions to ensure that you are in compliance with industry
and legislative requirements.
PCI
Visa, MasterCard Worldwide, American Express, Discover Financial Services, and JCB International founded the Payment Card
Industry (PCI) Security Standards Council in 2006 with the goal of reducing fraud and theft related to credit cards. The
council is responsible for the "development, management, education, and awareness" of the PCI Security Standards. The PCI
Security Standards consist of the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS),
and PIN Transaction Security (PTS). The PCI DSS provides a security framework for organizations that store credit card
information and process credit card transactions, and defines processes for security incident prevention, detection, and
response. Secure Mind Labs can help your organization comply with specific requirements within the PCI DSS.
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides regulations for protecting the privacy
and security of health-related information. HIPAA incorporates two components: the HIPAA Privacy Rule and the HIPAA Security
Rule. The HIPAA Privacy Rule, also known as Standards for Privacy of Individually Identifiable Health Information,
establishes general standards for the protection of health information. The HIPAA Security Rule, or Security Standards for the
Protection of Electronic Protected Health Information, defines standards for protecting health information that is stored
or transmitted in an electronic form. Healthcare institutions can improve the quality of healthcare services by adopting
new technologies; however, these organizations must understand the impact that these technologies have on the security of
protected health information (PHI) and employ adequate security controls for the protection of electronic PHI.
GLBA
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, defines several rules governing
the collection, disclosure, and protection of personally identifiable information (PII) by financial institutions. In particular,
the Financial Privacy Rule requires financial institutions to provide consumers with annual privacy notices describing
the collection and disclosure of personal information. The Safeguards Rule calls for financial institutions to implement
a written security plan for protecting the confidential information of consumers.
SOX
The Sarbanes-Oxley Act of 2002, also known as Sarbox or SOX, sets standards for the management of all U.S. public companies
and accounting firms with regard to accounting practices, corporate responsibility, and financial disclosure. The act was
passed in response to several major corporate and accounting scandals, most notably those involving Enron, WorldCom, and Tyco
International. While the act is primarily concerned with the accurate reporting of financial data, sound IT security practices help
to demonstrate corporate responsibility and to protect the integrity and reliability of reported information.
FERPA
The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records. It applies to all schools
receiving funds from a program administered by the U.S. Department of Education. To protect student personal information, educational
institutions must understand how such information can be compromised and implement the necessary safeguards to protect confidential
student information.