Get Compliant with Information Security Laws and Regulations
Any organization that handles sensitive information — whether personal information, critical infrastructure systems, financial information, intellectual property or sensitive government information — is subject to laws and regulations for protecting that information.
The common requirement of HIPAA, Meaningful Use, Massachusetts CMR 17.00, FISMA, GDPR, CIP, PCI DSS or Gramm Leach Bliley is that each organization must select its controls based on a risk assessment and must oversee the effectiveness of those controls using risk management.
HALOCK assists organizations in understanding the laws and regulations that they must follow to protect information, and guides them through compliance via the risk assessment and risk management processes.
We provide compliance services for the following requirements:
- PCI DSS
- HIPAA Security Rule and Meaningful Use
- Massachusetts 201 CMR 17.00 and state breach laws
- Gramm-Leach-Bliley Safeguards Rule (GLBA)
- 23 NYCRR Part 500 (NYDFS)
- NERC CIP
- ISO 27001
- FISMA (Federal Information Security Management Act)
- DoCRA (Duty of Care Risk Analysis)
- The California Consumer Privacy Act (CCPA)
- Many others, including requirements placed on organizations for reducing cyber security risks after data breaches occur
UPDATE: The SEC’s new rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure require public companies to describe their cybersecurity programs in their periodic reporting and how they manage RISK.
HALOCK prepares our clients for risk management by developing their unique criteria for assessing risk and accepting risk. HALOCK conducts a risk assessment for the client by considering how effective foreseeable threats would be in their environment, and estimating the likelihood and impacts of those threats. When risks evaluate as too high, HALOCK recommends safeguards that evaluate as “reasonable” in the client environment, given their mission, their objectives, and their obligations.
“Great job as always.”
– Research University
PCI WEBINAR SERIES
PCI DSS v3.2.1 expires on March 31, 2024. With 64 new requirements in PCI DSS v4.0, companies have a lot to consider in preparation for the coming deadline. In our 5-part PCI Webinar Series, from April 27-June 1, 2023, learn about the general changes to 4.0, new requirements, best practices, and how an increased focus on risk evaluations in this new version will be a driving force for security and compliance.
Join Viviana Wesley, CISM, PCI QSA, ISO 27001 Auditor and HALOCK Principal Consultant to review key updates and next steps to support your transition to PCI DSS v4.0.
Learn more about our comprehensive Risk Management Program to help prioritize your investments while balancing your security, compliance, and business obligations.
Learn how to establish reasonable security.