Regardless of your industry, you’re likely facing more regulatory requirements than ever before. Our advisors can help you meet your compliance needs.
We help you navigate the complexities of regulatory responsibilities
Industries such as healthcare and financial services have been dealing with compliance for HIPAA and GLBA for years, but now there are more laws for specific industries, as well as at the state level and for foreign entities.
We’ve helped clients with regulatory and attestation work on a variety of rules and regulations, including:
- SOC 2 (SSAE 18)
- HIPAA / HITECH
- FDA 21 CFR Part 11
- Sarbanes-Oxley (SOX)/ JSOX
- MAR (Model Audit Rule)
- BSA / AML (Bank Secrecy Act / Anti-Money Laundering)
- GLBA (Gramm-Leach-Bliley Act) requirements
- GDPR (General Data Protection Regulation)
- New York State’s Cybersecurity Regulations
- Singapore’s Computer Misuse and Cybersecurity Act
To seamlessly integrate the various compliance considerations, we use best practices provided by organizations such as NIST and ISO as the foundation for our engagements, including NIST’s Cybersecurity Framework and SP 800-53 Security and Privacy Controls, as well as ISO 27001 & 27002.
The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Any organization that stores information about an EU citizen, regardless of whether it’s based in the EU or another part of the world, must comply. We can assist by reviewing your databases, helping you develop an action plan, and providing implementation assistance to protect sensitive personal information.
Industry-specific regulatory compliance
You’re an expert in your industry, but you can rely on us to be the experts in compliance. Our consultants use their deep experience to help you stay compliant through risk assessment, targeted controls, audit and review services. We can address the requirements of:
- GLBA (Gramm-Leach-Bliley Act) for financial institutions
- HIPAA (Health Insurance Portability and Accountability Act of 1996) for healthcare organizations
- SOX (Sarbanes-Oxley Act of 2002) for public companies
- MAR (Model Audit Rule) for insurance companies
- GDPR (General Data Protection Regulation) for companies that do business or have data in Europe
- PCI DSS (Payment Card Industry Data Security Standard) for any company that stores, transmits, or processes credit card data
- NIST (National Institute of Standards and Technology) for any company that wants to improve security or privacy; required for government and public education institutions
- ISO (International Organization for Standardization) for any company that wants to improve security or privacy; best suited for large international organizations
- FAR & DFARS (Federal Acquisition Regulation & Defense Federal Acquisition Regulation Supplement) for the federal government and its contractors
- BSA/AML (Bank Secrecy Act/Anti-Money Laundering) for financial institutions
- FERPA (Family Educational Rights and Privacy Act) for schools that receive funds under an applicable U.S. Department of Education program
Ready to start a conversation?