Regulatory compliance is often the primary driving factor behind an organization's security initiatives. State and federal laws, as well as industry requirements, levy fines and penalties in an effort to push companies in the right direction when it comes to protecting sensitive information. Constantly evolving legislation and ambiguous language introduce a considerable challenge for responsible organizations seeking compliance. Praetorian provides compliance development and assessment services to ensure an organization's efforts are both meaningful and effective. Offerings are targeted at PCI, HIPAA, FERPA, SOX, and GLBA.
Praetorian provides compliance development and assessment services for PCI, HIPAA, FERPA, SOX, and GLBA to ensure an organization's efforts are both meaningful and effective.
PCI, HIPAA, FERPA, SOX, and GLBA Compliance
The Health Insurance Portability and Accountability Act (HIPAA) demands considerable attention, resources, and money from covered organizations to remediate existing and planned systems and processes that handle protected health information (PHI). While security and privacy are intrinsically linked, it is the application of appropriate security controls that actually mitigates the risks posed by identified threats to stored or transmitted PHI.
The Sarbanes-Oxley (SOX) Act of 2002 is a United States federal law passed in response to a number of major corporate and accounting scandals, including those affecting Enron, Tyco International, and WorldCom (now MCI). These scandals resulted in a decline in public trust in accounting and reporting practices. The Act also covers issues such as auditor independence, corporate governance, and enhanced financial disclosure.
The payment card industry (PCI) comprises credit card companies such as Visa, MasterCard, and Discover, which banded together to create industry requirements with the goal of reducing theft of payment card information and the fraud that follows it. Praetorian can assist retailers and merchants in complying with specific requirements within the PCI DSS.
The Family Educational Rights and Privacy Act (FERPA) was enacted in August 1974 to protect student education records. It applies to any school, K-12 or higher education, public or private, that receives funds under any program of the U.S. Department of Education. Most public and private U.S. schools therefore fall under FERPA, and IT staff at these institutions must understand FERPA's provisions to ensure compliance.
The Gramm-Leach-Bliley Act (GLBA) gives eight federal agencies the authority to administer and enforce the Financial Privacy Rule and the Safeguards Rule. While the Financial Privacy Rule governs the collection and disclosure of personal financial information, the Safeguards Rule requires financial institutions that receive information from customers and other financial institutions to implement and maintain safeguards to protect that customer information.