Compliance Specialties

HIPAA (The Health Insurance Portability and Accountability Act, Title II)

HIPAA mandates national standards for the security of electronic health care information. The HIPAA Security Rule specifies administrative, physical, and technical safeguards that covered entities must implement to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI).

Benefits of Regulatory Compliance

  • Peace of mind
  • Early risk detection and mitigation
  • Scalable and customizable solutions to match your business needs
  • Improved audit predictability
  • Assurance of industry standards

SOX (The Sarbanes-Oxley Act)

SOX requires publicly traded companies to establish, document, and test internal controls over financial reporting, and Section 404 requires management to assess and report annually on how effective those controls are. Because financial data is produced and stored by IT systems, the integrity of those systems, and of the access granted to them, is in scope. According to a study conducted by Ernst & Young, the two issues causing the largest number of Section 404 audit exceptions are lack of segregation of duties controls and excessive or improper user access to applications, servers, and data.

It is easy to understand why. Some organizations run as many as a hundred business applications, each administering its own user accounts and permissions, so access rights are managed separately in every system. They consequently struggle to maintain a consolidated view of who can do what, let alone to define and enforce segregation of duties rules that cut across applications.

Adding to this complexity is a changing workforce in which new hires, transfers, and terminations occur daily. Further, the set of applications in scope for SOX changes constantly as old systems are retired, new ones are brought online, and application modules and functional roles change.

The full impact of SOX will not be known for several years. Meanwhile, organizations must develop an ongoing compliance monitoring process that equips them to meet SOX requirements and the IT general control (ITGC) objectives that PCAOB auditing standards direct auditors to evaluate. Today, companies must meet these requirements:

  • Implement and test controls that protect the integrity of applications and infrastructure. Most corporations, especially dispersed organizations, will need automated software systems to meet this requirement.
  • Define and document key application security and segregation of duties controls.
  • Govern the control processes for adding, changing, and removing application access.
  • Ensure long-term compliance through ongoing testing and tracking.

PCI DSS (The Payment Card Industry Data Security Standard)

The theft of credit card data, and with it fraudulent charges, identity theft, and corporate liability, continues to grow. In response, five card brands, Visa, MasterCard, American Express, Discover, and JCB, jointly established the Payment Card Industry Data Security Standard (PCI DSS) and the PCI Security Standards Council that maintains it. The standard is not a law but a contractual requirement, and it applies to every entity that stores, processes, or transmits cardholder data: merchants and their web hosts, shopping cart vendors, payment service providers, processors, and issuers. Complying means investing in the necessary technology and training, and compliance must be validated on a recurring basis, by self-assessment questionnaire or by an on-site assessment, depending on the entity's transaction volume. Those who do not comply face fines of up to $500,000, levied by the card brands and passed down through the acquiring bank, and the possibility of being barred from accepting card payments.