Compliance and Cyber Security
NY State SHIELD Act (Stop Hacks and Improve Electronic Data Security)
The SHIELD Act, signed into law on July 25, 2019 by Governor Andrew Cuomo, amends New York’s 2005 Information Security Breach and Notification Act. The SHIELD Act significantly strengthens New York’s data security laws by expanding the types of private information for which companies must provide consumer notice in the event of a breach, and by requiring that companies develop, implement, and maintain reasonable safeguards to protect the security, confidentiality, and integrity of that private information.
-Source: NY Attorney General
CMMC (Cybersecurity Maturity Model Certification)
CMMC stands for “Cybersecurity Maturity Model Certification” and is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB). The CMMC framework includes a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provide increased assurance to the Department that a DIB company can adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain.
HIPAA (Health Insurance Portability and Accountability Act)
To improve the efficiency and effectiveness of the health care system, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, included Administrative Simplification provisions that required HHS to adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security. At the same time, Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information.
-Source: Health Information Privacy
NIST (National Institute of Standards and Technology)
The NIST Cybersecurity Framework focuses on using business drivers to guide cybersecurity activities and on considering cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers. The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across critical infrastructure sectors, providing the detailed guidance for developing individual organizational Profiles. Through use of the Profiles, the Framework helps the organization align its cybersecurity activities with its business requirements, risk tolerances, and resources. The Tiers provide a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk.
-Source: NIST Cyber Security Framework
ISO (International Organization for Standardization)
ISO/IEC 27002:2013 gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization’s information security risk environment(s).
-Source: ISO (ISO/IEC 27002:2013)
Need help with a compliance requirement that is not listed here?
Above are some of the most common compliance requirements businesses typically encounter. We also offer support for any information-technology-based compliance requirement. Even if you are working with a different company for compliance, we still offer assistance with any technical remediation that may be necessary to achieve compliance.