Today's organizations face intense pressure from increasing regulation and from investigations by federal regulators, state attorneys general, and others, prompting extensive reviews, audits, and litigation across a variety of industry practices. Whether dealing with an urgent issue or addressing compliance more broadly, organizations need comprehensive programs in place to address the risk of noncompliance with state, federal, and international laws. They also need the expertise to review their cybersecurity-related operations from all perspectives and confirm that applicable regulatory requirements are being met.
Concrete benefits of our services include:
i. HIPAA Compliance Review
HIPAA was passed in 1996 to address the security and privacy of health care data. The government later enacted the Health Information Technology for Economic and Clinical Health Act (HITECH Act) as part of the American Recovery and Reinvestment Act of 2009 (ARRA), signed into law on February 17, 2009. The HITECH Act amended HIPAA with significant changes to data breach notification, enforcement, and penalties. CryptoForensics' HIPAA compliance review is carried out as a gap assessment of the client's operational systems and processes to identify areas of noncompliance. Our experienced team members have worked with many organizations in the commercial, government, and health and human services sectors, including providers and service organizations.
The benefits of our approach include:
ii. The Sarbanes-Oxley Act of 2002 (SOX) Section 404 Compliance Review
CryptoForensics’ SOX Readiness Review is designed to assess an organization’s preparedness for compliance. By conducting a thorough gap analysis, our consultants will assess the current control environment by identifying strengths and providing recommendations for areas that need improvement. As part of our detailed recommendations, we will provide a prioritized listing of controls for implementation or enhancement prior to the audit.
In addition, CryptoForensics will provide SOX-specific process documentation examples (flowcharts and Risk Control Matrices), test script templates, an inventory of the baseline policies and procedures required, and key forms. A SOX Readiness Review is a valuable, cost-effective assessment that gives you a clear picture of where you currently are and where you need to be.
CryptoForensics' SOX compliance review is focused on Section 404 and designed around the COSO internal control framework, the IT Governance Institute's COBIT, and industry best practices. CryptoForensics applies a top-down, risk-based approach to identify the most effective and efficient ways to reduce effort and compliance cost through better risk assessment, scoping, and use of technology. Our offerings are designed to meet each client's unique needs. Whether the arrangement is full outsourcing, co-sourcing, or consulting, our team works closely with process owners, management, and external auditors to ensure all compliance initiatives are completed on schedule, on budget, and at the highest quality. Our offerings here include:
At CryptoForensics, we regard SOX as an opportunity to continuously improve business processes and performance rather than a mere exercise in compliance. Our consultants will therefore help your organization achieve compliance in the most efficient and cost-effective manner.
iii. SSAE 16, SOC 2 & ISAE 3402 Preparedness Review
CryptoForensics can perform a readiness assessment to evaluate the controls your organization has in place against the Trust Services Principles and Criteria, with the goal of ensuring preparedness for the SOC 2 examination. This readiness work helps reduce or eliminate the likelihood of a qualified opinion or of reported exceptions.
CryptoForensics' experts work collaboratively with your management teams to perform a detailed readiness review and deliver a gap matrix that identifies controls that would pass as they stand, controls that would partially fail, and controls that would fail and require remediation. Organizations in the following categories would benefit from our offerings:
The benefits of our service offerings:
Concrete deliverables from our engagement will include:
Growing IT organizations may not yet have the foundational programs in place to address key areas of security and risk, while more established organizations may not have updated their existing programs to meet new business and organizational challenges. In either case, many organizations lack the insight, resources, or knowledge to design or update effective security programs that incorporate best known practices tailored to their own environment.
Organizations subject to compliance requirements (e.g., HIPAA, SOX, PCI DSS, the Basel Accords, GLBA, and other regulations) must ensure that the vendors accessing their assets and systems are compliant with the relevant regulations. When a function is outsourced to a third party, the ultimate responsibility for all compliance requirements remains with the outsourcing organization; organizations that lose sight of this usually pay a heavy price when things go wrong.
The ever-increasing threats from terrorist attacks, natural disasters, hackers, and malware have highlighted the need for organizations to prepare Disaster Recovery and Continuity of Operations plans. CryptoForensics' experts understand these threats as well as an organization's essential functions, and aim to deliver high availability of systems and infrastructure every day.
As a result of several high-profile breaches, states have enacted their own laws providing additional protection, including Massachusetts' 201 CMR 17.00. Similarly, numerous international laws have been adopted, including the EU Data Protection Directive and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). Further, more than 50 countries have enacted omnibus data privacy laws covering the private sector, including Mexico's Federal Law on the Protection of Personal Data Held by Private Parties.
Our Comprehensive Suite of Solutions and Services
Today, most enterprises try to deal with cybersecurity threats by focusing inward: conducting vulnerability assessments, making detailed network maps, and in some cases deploying robust patch management processes to continuously monitor their networks and systems. While this approach provides some benefit, it is ineffective against many cyber threats. Most corporate networks are so large and complex that it is simply too difficult to identify all of their assets, or all of their vulnerabilities, and patch them fast enough. Today's cyber adversaries are sophisticated, well-funded, and patient; they use a wide range of techniques to penetrate even well-protected enterprises...