Navigating the Compliance Landscape

Understanding Your Compliance Requirements

Complying with federal and other government rules for the collection and storage of customer data and other sensitive information is a primary reason why many companies have managed cybersecurity measures in place. Failing to abide by the strict regulations can result in costly fines and other punitive actions.

Which regulations your company or organization must comply with depends on the industry you serve. There are separate rules for the healthcare, retail, financial, energy and other sectors.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) mandates that healthcare providers, health plans, hospitals and other covered entities implement comprehensive privacy protections for patients' protected health information (PHI). Compliance requirements are becoming increasingly demanding, and the chance of an audit is higher than at any prior time.

Proficio has worked with our customers to create a unique compliance management service especially for HIPAA. Proficio pioneered Managed Detection and Response services with our Security Operations Center (SOC) solution, providing 24×7 advanced detection, protection and automated incident response against patient privacy breaches.

For more insights into healthcare industry cybersecurity compliance, learn more about Proficio’s Compliance Insight Service.

PCI DSS

If your business regularly processes, stores, or transmits credit card information, then you are affected by the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS requirements are continually updated to keep pace with the evolving threat landscape, and it can be a challenge to keep your security program in compliance.

Proficio managed security services help organizations meet many of the critical requirements for compliance with the PCI Data Security Standard. Proficio’s customers benefit from the most advanced security monitoring and 24×7 managed security services that until recently were outside the budget of all but the very largest enterprises.

GDPR

The General Data Protection Regulation, set to take effect in May 2018, is the most significant set of data privacy laws for the companies based or doing business in the European Union (EU). If your company processes data about individuals in the context of selling goods or services to citizens in EU nations, you will need to comply with the provisions of the GDPR. For the purposes of the regulations, “personal data” means any information related to a natural person or “Data Subject” that can be used to directly or indirectly identify the person. It can be anything from a name, photo, email address, bank details, social networking posts, medical information or a computer IP address. A breach of the GDPR will carry the possibility of stiff fines and other punitive actions.

Singapore Critical Information Infrastructure Bill

The Critical Information Infrastructure Bill, scheduled to go into effect in 2018, will change how cybersecurity is managed in Singapore. The bill includes stricter rules for computer systems that are deemed to be “critical information infrastructure” in the country. Operators of networks and computers deemed to be critical information infrastructure will be required to undergo periodic audits and risk assessments designed to help ensure the security of critical information.

Australia Breach Notification Law

Australian officials are set to require mandatory notifications of data breaches in an effort to combat cyber crime. The Privacy Amendment (Notifiable Data Breaches) Act of 2017, slated to go into effect in February 2018, introduces a data breach notification scheme that obligates all businesses and agencies regulated by the nation’s Privacy Law to notify government officials and affected individuals of designated breaches that are “likely to cause serious harm.” Failure to comply with the breach notification law can result in fines of up to $274,000 against individuals or $1.3 million against organizations.

Sarbanes-Oxley Act

Created in response to the accounting scandals that occurred at major corporations in 2001 and 2002, the Sarbanes-Oxley Act requires that publicly traded companies ensure their internal business processes are properly monitored and managed.

Proficio provides managed security services for compliance with the Sarbanes-Oxley Act.

NERC CIP

The North American Electric Reliability Corporation (NERC) maintains comprehensive reliability standards that define requirements for planning and operating the collective bulk power system.

Proficio provides a full family of managed security services to help you improve your security and compliance posture while reducing costs.

GLBA, FFIEC

Under the Gramm-Leach-Bliley Act (GLBA), financial institutions are required to explain their information-sharing practices to their customers and to safeguard sensitive data. Proficio’s security experts can help your financial services organization comply with all requirements without the administrative overhead.

FERPA

The Family Educational Rights and Privacy Act of 1974 is a federal law designed to protect the privacy of student education records. All schools, colleges and universities that receive U.S. Department of Education funding are required to comply with the law. FERPA requires educational institutions to abide by regulations for record keeping, privacy and sharing of student records. Proficio is an expert in helping institutions of higher education achieve compliance with FERPA and other regulations.

Proficio helps take the stress out of IT security.