Compliance and Frameworks
National Institute for Standards and Technology(NIST)
The Federal Information Security Management Act of 2002 (FISMA) was one of the first to require federal agencies to develop, document, and implement an agency-wide information security program. The framework of the program is further defined by the National Institute for Standards and Technology(NIST) standards and guidelines, Federal Information Processing Standards (FIPS) publications, and NISP Special Publications 800-series.
The framework is comprised of many individual parts – all which can be facilitated, implemented, or achieved by leveraging service offerings of Cyreonix Consulting.
- Categorize data and information systems according to risk level
- Inventory all systems and assets within an enclave
- Implement security controls
- Perform risk assessments/penetration testing
- Design and implement a System Security Plan
- Implement continuous monitoring and annual security reviews
Cyreonix Consulting has hands-on experience and expertise in all of these areas outlined above – especially within the Defense Department. Contact us for more information about how we can help you attain, manage, and sustain FISMA compliance.
Health Information Portability and Accountability Act (HIPAA)
The Health Information Portability and Accountability Act was established by Congress in 1996. Security Standards were issued as part of HIPAA in April of 2003 and established requirements to safeguard Protected Health Information (PHI) – both paper and electronic. The requirements specifically addressed administrative, physical, and technical safeguards meant to ensure that patient health records and personally identifiable information remain as secure as possible. HIPAA also established notification requirements in the event of a data security breach – a PR nightmare for any hospital, insurance provider, or federal organization.
Let Prolific Solutions help you ensure your HIPAA compliance and avoid notification requirements altogether. We can review your program, recommend changes, help you implement processes and procedures, and make sure you meet the letter of the Law with regards to HIPAA compliance.
Sarbanes Oxley Act (SOX)
The Sarbanes-Oxley Act of 2002, commonly referred to as SOX, was enacted on July 30, 2002. As a result, management of public companies are required to establish and maintain adequate internal controls over financial reporting and assess the effectiveness of such controls. Additionally, external auditors of these companies issue an opinion on whether effective internal controls over financial reporting was maintained in all material respects, in addition to their opinion on the accuracy of the financial statements.
Implementing, documenting, and testing internal controls is not only costly, but requires a tremendous amount of effort. Utilizing Cyreonix Consulting in this endeavor will significantly decrease the resources required to complete testing of both the design and effectiveness of these controls. Additionally, our team of well-trained SOX professionals is equipped to assist with the implementation and/or documentation of internal controls. We can also identify areas where automation could viably replace manual processes currently being used also resulting in cost savings.