Compliance & Information Security Overview

Compliance Consulting for Businesses on Long Island

There are many rules and regulations that, if not adhered to, can have an adverse impact on your business. The intent of these regulations is to improve information security, which is, of course, a good thing. The downside is that failing to comply may result in fines or even jail time. Large companies have a compliance officer or privacy officer to guide them through the compliance and privacy maze. Smaller organizations must figure out for themselves which regulations apply to them and implement whatever is necessary to be compliant.

We’ll Help You Understand the Regulations and Get You Compliant

Our compliance team has the knowledge and experience to get the job done. The foundation of security and compliance is properly designing and maintaining your information technology. Flexible Systems is a hands-on technology company. We won’t just hand you a list of recommendations; we will actually implement the changes required to get your business compliant. We have helped hundreds of businesses with the following regulations:

Health Insurance Portability and Accountability Act (HIPAA)

What it Regulates: The primary objective is to protect the privacy and security of individual patients’ health information. HIPAA’s portability provisions also protect people’s health insurance coverage when they change jobs or lose their jobs. In addition, HIPAA standardizes electronic healthcare transactions and, through its Security Rule, requires administrative, physical and technical safeguards for electronic protected health information (ePHI).

Type of Businesses Affected: Covered entities (healthcare providers, health plans and healthcare clearinghouses) and their business associates: any company that creates, receives, stores or transmits patient data on behalf of a covered entity.

Payment Card Industry Data Security Standard (PCI-DSS)

What it Regulates: The security of cardholder data, meaning how payment card numbers and related data are stored, processed and transmitted, and the controls (network segmentation, encryption, access control, logging and vulnerability management) that protect them.

Type of Businesses Affected: Any company that accepts or processes payment cards, and any company that stores, processes or transmits cardholder data on another company’s behalf.

New York State’s 23 NYCRR Part 500 (DFS)

What it Regulates: New York State’s 23 NYCRR Part 500, otherwise known as DFS, is a cybersecurity regulation issued by New York’s Department of Financial Services (DFS) to protect customer information and the information technology systems of regulated entities.

Type of Businesses Affected: The DFS regulation applies to all covered entities of the Department of Financial Services, that is, businesses operating under a license, registration, charter, certificate, permit or similar authorization from DFS under New York’s Banking Law, Insurance Law or Financial Services Law. Not sure whether you’re a covered entity? We can help you determine whether your company falls under the regulation.

Defense Federal Acquisition Regulation Supplement (DFARS)

What it Regulates: DFARS is the Department of Defense supplement to the Federal Acquisition Regulation. It sets the DoD-specific rules that contractors must follow when supplying goods and services to the DoD. Its cybersecurity clause (DFARS 252.204-7012) requires contractors to implement the security controls of NIST SP 800-171 to protect controlled technical information and other covered defense information on their networks, and to report cyber incidents affecting that information.

Type of Businesses Affected: Organizations that are contractors or subcontractors to the Department of Defense. If your organization is anywhere in the DoD supply chain and handles covered defense information, there is a good chance you are subject to DFARS.

The General Data Protection Regulation (GDPR)

What it Regulates: The primary objective of the GDPR is to protect the personal data of individuals in the European Union (EU). Through the GDPR, the EU gives individuals control over their personal data: who has access to their data, how and when their data is processed, and what happens to their data after it has been processed.

Type of Businesses Affected: Organizations that collect, process, store or transmit personal data of individuals in the EU, regardless of where the organization itself is located. Personal data is any information relating to an identified or identifiable person, such as a name, an ID number, location data, an online identifier, or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.


Questions About Compliance? Call (631) 756–0404