Approaching Security through Continuous Improvement
Compliance is not a one-time event; it requires ongoing effort to achieve and maintain.
Through the application of our methodology, NCA can assist you in achieving and maintaining compliance with:
PCI DSS — Payment Card Industry Data Security Standard
In response to growing credit card fraud, the payment card industry established a set of security requirements for companies processing, storing, or transmitting credit card numbers.
GLB — Gramm-Leach-Bliley
Federal law aimed at the financial services industry, focusing on the protection of personal information and the management of third-party affiliates who have access to that information.
HIPAA — Healthcare Insurance Portability & Accountability Act
A Federal regulation covering the protection of healthcare insurance information. It requires a comprehensive set of security safeguards and enforces strict obligations upon covered entities.
SSB 6043 (WA) / SB 1386 (CA) — privacy disclosure laws
State legislation that requires entities to promptly notify customers when their personally identifiable information has been exposed to identity theft.
SOX — Sarbanes-Oxley Act
In response to widespread tampering with public financial records, the Federal government created legislation requiring publicly traded entities to enact controls around accounting and internal messaging systems.
FERC/NERC CIP 002-009 — Critical Infrastructure Protection
NERC (North American Electric Reliability Council) created an auditable guide for the protection of electrical systems in North America, covering a variety of areas related to cyber security. Initial compliance auditing for US energy and utility companies began in early 2007.
FISMA — Federal Information Security Management Act
A federal mandate requiring the head of each federal agency to provide information security protections commensurate with the risk and magnitude of harm that may result from unauthorized access, use, disclosure, disruption, modification, or destruction of its information and information systems.
FRCP — Federal Rules of Civil Procedure
Defines the procedures governing eDiscovery of electronic evidence in legal cases.