GOVERN - IDENTIFY - PROTECT - DETECT - RESPOND - RECOVER
The Service Organization Control 2 (SOC 2) framework is a procedure for auditing service-oriented companies to assure their customers of a high-level security posture (including privacy, processing integrity, availability and others) when using those services. This is in lieu of performing your own audit of those service providers.
The Payment Card Industry Data Security Standard (PCI DSS) is a checklist of expected security standards designed to ensure that companies who collect, process, store, or transmit credit card information maintain a secure environment to prevent disclosure and misuse of that credit card information.
IT General Controls (ITGC) is a framework of general IT and security controls that are recommended for implementation to properly manage IT systems and processes. This framework is commonly used by publicly traded companies as part of their Sarbanes-Oxley Act processes, and also by organizations implementing the COBIT framework.
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
ISO/IEC 27017:2015 is the code of practice for cloud service customers and providers wishing to incorporate their cloud security into the ISMS (for certified ISO 27001 organizations).
Cloud Security Alliance (CSA) Security, Trust, Assurance and Risk (STAR) is a security-centric framework that allows cloud service providers (CSPs) to attest to, or be audited against, a cloud control matrix (CCM), which is now in its 4th iteration.
The Health Insurance Portability and Accountability Act of 1996 is a United States federal statute meant to provide assurance to US citizens that their healthcare information is collected, processed, stored, and transmitted for their health benefit and in a secure manner.
ISO 22301 specifies requirements to implement, maintain and improve a business continuity management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to, and recover from disruptions when they arise.
ISO/IEC 27018:2019 is a common set of security categories and controls that can be implemented by a public cloud computing service provider acting as a PII processor, wishing to incorporate it into the ISMS (for certified ISO 27001 organizations).
Cloud Security Alliance (CSA) Code of Conduct is a privacy-centric framework that allows cloud service providers (CSPs) to attest to, or be audited against, a Code of Conduct for achieving GDPR compliance (when combined with a minimum security baseline, such as the CSA STAR).
Secure Controls Framework (SCF) EU GDPR Compliance Criteria (EGCC) provides a "paint by numbers" approach to complying with GDPR, since GDPR leverages work that should already have been done through an existing cybersecurity and privacy program.
Aims to protect controlled unclassified information (CUI) in non-federal systems and organizations.
NIST Cybersecurity Framework (CSF) is a high-level framework aiming to assist organizations in managing cybersecurity risk. It can be implemented in a customizable manner.
The New York State Department of Financial Services published Cybersecurity Regulation (commonly known as Part 500) that applies to organizations operating under the Banking Law, the Insurance Law, or the Financial Services Law (considered "covered entities").
The Information Security Assessment (ISA) is an information security requirements catalog based on key aspects of the international standard ISO/IEC 27001. It is used by companies both for internal purposes as well as assessments by suppliers and service providers who process sensitive information from their respective companies.
PCI DSS Self-Assessment for 'Partially Outsourced E-commerce Merchants Using a Third-Party Website for Payment Processing'.
PCI DSS Self-Assessment for 'Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced'.
The CIS Critical Security Controls (CIS Controls) are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks.
OFDSS establishes a common framework for consumer data security, privacy, and control that also supports innovation among new and emerging cloud-native, digital finance companies.
The Cybersecurity Maturity Model Certification (CMMC) program is aligned to United States Department of Defense (DoD) information security requirements for Defense Industrial Base (DIB) partners. It is designed to enforce protection of sensitive unclassified information that is shared by the Department with its contractors and subcontractors.
Power your custom framework with data and automation to mature your compliance posture with efficiency.
Info Risk Scores, Data Protection, and Endpoint Detection software, services, and response are provided by third-party providers. INFOADVISOR™s are independent professionals who offer agnostic advisory services and do not develop, sell, or endorse any specific software or security solutions. All INFOADVISOR™s operate with professional autonomy and are protected by Errors & Omissions (E&O) insurance and Cyber Insurance, ensuring the highest standards of advisory integrity, risk management, and data security. Clients should evaluate all third-party services independently before making decisions.
All Rights Reserved | NAM International, LLC.