IT Compliance and Privacy


SOX Compliance

SOX compliance - Specific to IT: leveraging IT best practices (e.g. COBIT framework-specific control objectives), our IT auditors apply a common-sense approach when reviewing your IT general and IT...

HIPAA HITECH

With the addition of HITECH, State Attorneys General gained the ability to pursue civil and criminal enforcement of HIPAA violations. Through the Department of Health and Human Services (HHS), the...

HITRUST

How Do We Partner With You? Elevate provides security strategy, process, and implementation services to help improve your information security needs. Regarding HITRUST CSF certification, we can...

SOC 2 Compliance

The Common Criteria/Security of the AICPA Trust Service Principles must be included in a SOC 2 report, with additional criteria available. Common Criteria/Security - The system is protected against...

SOC 1 / SSAE 18

Any report opinion issued on or after May 1, 2017, will be issued under the SSAE 18 standard. Two types of SOC 1 reports exist: Type I: Test of Control Design Effectiveness (A period of time) Type...

SWIFT CSP V2022

The CSP focuses on three mutually reinforcing areas: Secure and Protect; Share and Prepare; Prevent and Detect. While all institutions are responsible for protecting their own environment, SWIFT’s CSP...

DFARS Compliance

To meet the minimum requirements, DoD contractors must: provide adequate security, and conduct cyber incident analysis and reporting. Adequate security is provided by implementing “protective...

CCPA Compliance

CCPA Compliance and Data Privacy: CCPA Compliance law protects all personal information that identifies, relates to, describes, is capable of being associated with, or may reasonably be linked,...

CMS DE and EDE Pathway

In this article, we discuss CMS DE and EDE Pathway. Background: Direct Enrollment (DE) permits consumers to purchase a Marketplace health plan from a source other than Healthcare.gov; however, the...

CSA STAR Certification

Criteria and Scoring: CSA STAR uses a “technology-neutral” approach leveraging the ISO/IEC 27001 control criteria and adding Cloud-specific controls from best practices and leading standards and...

SEC and Broker Dealers

FINRA reviews a company's approaches to cybersecurity risk management, including: technology governance, system change management, risk assessments, technical controls, incident response, vendor...

CMMC Readiness

The updated CMMC 2.0 framework (CMMC Readiness) will be more streamlined, eliminating both Levels 2 and 4, which were considered “transition levels” and creating a leaner model consisting of only 3...

FedLine Security Controls

Within the FedLine Solutions catalog, there are four different products that are offered, and while no clients should ever require all four, there may be occasions where more than one product is...