Compliance

Compliance is at the core of our business, with particular strengths around PCI and HIPAA. Since these regulations were first released, our consultants have been at the forefront of their implementation, audit, and validation.

One of the biggest challenges we have seen in the industry is compliance across multiple standards, e.g. PCI, HIPAA, SOX and GLBA. Through targeted services, we can help untangle the compliance maze. Your team will receive clear and measurable tasks from our compliance and project management experts so that you can achieve regulatory and security goals while keeping costs down.

Our compliance services include:

  • GLBA
  • HIPAA
  • Corporate Privacy
  • PCI-DSS

GLBA

“Because that’s where the money is” – basis of Sutton’s Law

This quote reflects the obvious fact that banks hold large amounts of currency. What also became obvious, many years after this axiom was first penned, is that financial institutions would again become targets for the pilfering of a new type of currency: personal information. In this day and age of digitalization, it is easier than ever to transact in bits and bytes. Most financial transactions are performed in a digital manner, and account information is also stored and transferred in digital format.

The Gramm-Leach-Bliley Act aimed to resolve some of the issues plaguing financial institutions by establishing a minimum set of baselines for the protection of such information. While privacy seems to be the primary focus of the GLBA, the Act contains financial institution safeguards that extend information security into the mandates covered by the Act. The controls called for in the standard mention privacy, integrity and security in general. A follow-up set of guidelines issued by the Federal Reserve prescribes targeted periodic reviews of compliance against such standards.

Opsec Media Networks can help you establish the necessary controls to meet GLBA compliance. In the event that you are already certified, we can help you validate that the controls are effective for the current state and threat level that the data may be facing.

HIPAA

Opsec Media Networks is well aware of the challenges faced by the healthcare industry with regard to HIPAA compliance and is committed to helping organizations overcome these challenges by implementing a new approach based on business realities and company specifics.

Opsec Media Networks’ HIPAA/HITECH Assessment includes 300 controls, targeting both “required” and “addressable” controls. We do not target only the ePHI environment; we go a step further by looking at your security strategy and its development process. In a comprehensive manner, Opsec Media Networks consultants audit across all required areas, including incident notification as well as the encryption solutions deployed where PII exists internally and with your current Business Associates (BA). Lastly, to ensure the best return on investment, we look at IT operational effectiveness while remaining mindful of overall risks and your ITSM framework.

As it relates to remediation, Opsec Media Networks can help you become compliant quickly and cost-effectively. We help healthcare organizations design and implement a series of administrative, physical, and technical safeguards targeted to ensure the confidentiality, integrity, and availability of electronic protected health information.

Corporate Privacy

Avoid. Mitigate. Transfer. ⇒ Those are the best things that can be done with risk before an event impacts you.

Minimize. Accept. ⇒ These are the less acceptable but necessary counterparts in any risk mitigation strategy.

To this end, almost any non-governmental entity that engages in commerce and owns or licenses personal information of residents of the Commonwealth of PR must comply with these regulations, which have a proactive component beyond the expected post-breach notification requirements.

Proactive preparation is critical to meeting compliance. Opsec Media Networks will help you with:

  • Security policy development, review and implementation
  • Vulnerability scans
  • Employee training program development
  • Evaluation of service providers’ compliance
  • Security architecture development and implementation
  • Penetration Tests
  • Periodic risk evaluations
  • Evaluation of encryption requirements and products

PCI-DSS

Members of Opsec Media Networks have been working with PCI-DSS since before its inception. We have helped organizations comply with the mandates brought forth initially by the VISA CISP and Mastercard’s SDP Programs.

We concentrate our efforts on pre-audits and remediation for Level 1 compliance, and on a range of services for Levels 2, 3 and even 4. We provide:

  • Compliance Guidance
  • Policy Development
  • Penetration Testing
  • Internal Vulnerability Scanning
  • Gap Remediation