Compliance Management
Do you need to comply with regulations governing security and privacy of
your data?
Are you entering a new geographic or product/service market that may require
you to comply with new regulations?
Did you know that you can save up to 50% of your compliance budget with an
objective pre-audit and gap assessment?
The requirement to comply with government and industry regulations can put significant pressure on an organization; this pressure increases when cross-border issues emerge and the organization must comply with regulations from multiple (and possibly competing) jurisdictions.
Digital Defence's Compliance Management service identifies the relevant compliance frameworks, educates employees about regulatory requirements, identifies gaps between current practices and regulated ones, and delivers a mediation plan that prioritizes items and identifies cost and time requirements. A scorecard approach, which supports performance metrics, allows you to measure your progress to compliance.
Using a proprietary methodology, which maps the standards to existing and planned business processes, we can highlight the benefits of policy compliance and facilitate its acceptance across an organization.
Service Description
Most organizations understand the "why" of regulatory compliance; DigitalDefence focuses on the "how" - specifically, how to rapidly achieve sustainable compliance in the most cost-effective manner. We support the following security and privacy regulations, frameworks, and standards:- Canadian security standards, including the Canadian Federal Government Security Policy, Province of Ontario Information and Technology Standards, especially GO-ITS 25, and other provincial standards
- Canadian privacy standards, including PIPEDA and provincial and municipal standards - including proposed regulations governing reporting of security and privacy breaches
- International standards and directives, including:
- California Senate Bill 1386 (the “Breach Act), and similar state statutes
- Health Insurance Portability and Accountability Act of 1996, HIPAA
- Health Information Technology for Economic and Clinal Health Act of 2009, HITECH
- Sarbanes-Oxley Act, SoX
- PCI DSS
- Control Objectives for Information and Related Technology, CobiT
- ISO 27001:2005
- California Senate Bill 1386 (the “Breach Act), and similar state statutes
Resources
Advisory Services
Any effective information security program requires executive leadership and active commitment in order to succeed. Unfortunately, many organizations lack the time and resources to devote to security leadership. DigitalDefence’s Advisory Services are designed to give your organization the quick start and structured support to develop and maintain your security program. (457 KB)
... VIEW