IT Regulatory Compliance Programs

SystemExperts's IT compliance programs are based on a life-cycle approach. For most organizations, the first challenge is understanding the requirements imposed by the regulation of the contract (as in the case of PCI DSS).

Our IT compliance methodology whether for HIPAA, PCI DSS, or ISO 2700X consists of the following steps:

  1. (1) Education – interpreting the standard in the context of your unique business environment & risks
  2. (2) Assistance in closing compliance gaps
  3. (3) Formal compliance assessment
  4. (4) Communication – a Compliance Statement for organizations to use with third parties to demonstrate their compliance with the standard or regulation
  5. (5) Annual compliance update

Compliance Program Lifecycle | ISO 27002 Compliance | PCI Compliance | HIPAA Compliance | 201 CMR 17 Compliance

Compliance Program Lifecycle

SystemExperts uses a lifecycle approach in guiding our clients through our compliance programs.

We help our clients interpret the particular regulation or standard within the context of their unique business model and help them understand what it means to comply. We then work with the organization to identify pertinent compliance gaps and provide practical recommendations to close those gaps.

Once those gaps are closed, SystemExperts will return to perform a rigorous compliance assessment and document the company’s success in a format to be shared with relevant third parties.

Compliance Life Cycle

ISO 27002 Compliance Program

The roadmap to comprehensive and cost effective security

SystemExperts's ISO 27002 Compliance Program is a structured methodology designed to help companies build comprehensive and cost effective enterprise security programs, ensuring that security resources are applied wisely, and efforts are focused on activities that will reduce real business risk.

For years, organizations have been searching for an objective benchmark to measure the security of potential business partners and to distinguish the quality of their own services. ISO 27002 is an international standard that defines an overarching security framework consisting of 135 specific controls organized around 36 control objectives. This balanced framework serves as the basis for both measuring an organization's effectiveness in addressing risk and structuring an organization's overall security program. Because ISO 27002's requirements are largely a superset of other major regulations, achieving ISO 27002 compliance positions most organizations to be well on their way to meeting the requirements of Sarbanes Oxley, Gramm-Leach-Bliley, HIPAA, and other pertinent regulations.

SystemExperts's ISO 27002 Compliance Program provides the following:

  • Encourages organizations to develop a security program that integrates business and technology
  • Helps to identify and prioritize specific tasks to improve security and achieve compliance
  • Focuses on activities that reduce real business risk
  • Positions companies to meet the security requirements of Sarbanes Oxley, Gramm-Leach-Bliley, HIPAA, and other pertinent regulations
  • Improves cross-functional (e.g. Legal, HR, lines of business) cooperation on security matters
  • Identifies deficiencies in security areas that are often overlooked
  • Encourages organizations to develop a balanced view of security that includes secure business processes, well designed policies, and appropriate use of technology
  • Communicates to prospective customers, business partners, board members, employees, and regulators that the organization has a comprehensive security program in place

PCI Compliance Program

SystemExperts is a Qualified Security Assessor Company (QSAC) and its staff members are recognized as Qualified Security Assessors by the Payment Card Industry (PCI) Security Standards Council. The PCI Security Standards Council's QSA qualification requirements are exacting and detailed, involving both the security company and individual employees. The organization was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International to enhance payment account data security. SystemExperts PCI Compliance Program includes services to help our clients expeditiously and cost effectively progress through the entire compliance life-cycle. These services include:

  • Helping our clients to understand the PCI Data Security Standard compliance requirements as it applies specifically to their business
  • Assisting Level 2-4 merchants prepare for and complete the Annual Self Assessment Questionnaire
  • Working with acquirers to determine specific merchant requirements
  • Assisting Level 1 merchants and Service Providers prepare for the PCI DSS annual on site review
  • Conducting annual on site reviews
  • Recommending practical measures to address any compliance deficiencies
  • Assisting in remediation efforts

HIPAA Compliance Program

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires covered entities to comply with what is commonly known as the Privacy Rule and the Security Rule.

SystemExperts's HIPAA Compliance Program includes services to help our clients expeditiously and cost effectively progress through the entire compliance life-cycle and address the requirements published by the Department of Health and Human Services. Specifically, SystemExperts assists its clients in preparing for the required ongoing HIPAA reviews, conducting the reviews in a collegial, rather than adversarial manner, documenting compliance with the rules, and providing a HIPAA Compliance Statement that describes the scope of HIPAA compliance activities and level of compliance achieved. HIPAA reviews cover:

  • Administrative safeguards
  • Physical safeguards
  • Technical safeguards
  • Organizational requirements
  • Policies, procedures, and documentation requirement

Massachusetts Identity Theft Protection Regulation – 201 CMR 17

Any organizations that owns, licenses, stores, or maintains personal data about a Massachusetts resident is required to comply with the new Massachusetts identity theft protection regulation (201 CMR 17). This regulation specifies minimum information security standards.

In addition, 201 CMR 17 requires organizations to have a Written Information Security Program (WISP) describing how the requirements of the regulation have been met.

Our 201 CMR 17 program involves:

  • Assessing your current level of compliance
  • Suggesting cost-effective solutions to meet regulatory requirements
  • Assisting in the development of a Written Information Security Program (WISP)

Security Blanket™

Peace of mind at an affordable price - You'll be able to sleep at night knowing a team of our network security experts is on your side and watching your back.

Read More

Compliance Programs

Cost-effective compliance services in HIPAA, PCI, and ISO 27002 - working with you to achieve business-practical results.

Read More

Why SystemExperts?

We’re different – a long term perspective pervades everything we do: quality and responsiveness; staffing and business practices; fixed price engagements; experts and only experts.

Read More

Practical Security Policies

Compliance with regulations and contracts is forcing organizations to develop documented security policies.

Read More
Visit our blog