
Security & Privacy Regulations

Whether you are looking to grow, seek investment, partner with or provide services to a third party, lower your insurance premium, respond to regulatory or other third-party audits, or simply lower your general regulatory risk profile, the key to success is our trusted third-party assessment and certification service. We assess and certify clients against a wide range of frameworks and standards covering healthcare, finance, legal, retail, and government & public sector.

Healthcare

  • HIPAA (Health Insurance Portability and Accountability Act): Protects health information and enforces privacy and security standards in healthcare.
  • GDPR (if applicable): European regulation that governs personal data protection and privacy rights.
  • HITECH Act

Financial Services

  • GLBA (Gramm-Leach-Bliley Act): Requires financial institutions to protect consumers' personal financial information.
  • SOX (Sarbanes-Oxley): U.S. law requiring corporate accountability, including IT controls and auditability.
  • PCI DSS: Security standards for handling credit card data and protecting cardholder information.
  • GDPR: European regulation that governs personal data protection and privacy rights.
  • SEC Cyber Rules

Retail & eCommerce

  • PCI DSS (Payment Card Industry Data Security Standard): Security standards for handling credit card data and protecting cardholder information.
  • GDPR: European regulation that governs personal data protection and privacy rights.
  • Nebraska Privacy Act
  • Texas Privacy Act
  • FTC Act

Education

  • FERPA (Family Educational Rights and Privacy Act): Protects the privacy of student education records in educational institutions.
  • COPPA: Protects personal information of children under 13 collected by websites and apps.
  • GDPR (for EU citizens): European regulation that governs personal data protection and privacy rights.
  • CIPA

Government & Public Sector

  • FISMA (Federal Information Security Management Act): Federal law that requires government agencies to secure information systems.
  • FedRAMP: Security authorization program for cloud services used by U.S. federal agencies.
  • NIST 800-53: U.S. federal standard for securing information systems and managing risks.
  • GDPR: European regulation that governs personal data protection and privacy rights.
  • CUI Guidelines

Technology & SaaS

  • GDPR: European regulation that governs personal data protection and privacy rights.
  • CCPA: California law giving consumers rights over their personal data collected by businesses.
  • SOC 2: Framework for managing customer data based on five trust principles (security, availability, etc.).
  • ISO/IEC 27001: International standard for information security management systems (ISMS).
  • FTC Act

Manufacturing & Industrial

  • NIST Cybersecurity Framework
  • CMMC (for DoD contractors): Cybersecurity framework for Department of Defense contractors handling sensitive data.
  • GDPR (if global): European regulation that governs personal data protection and privacy rights.
  • CIPA

Telecommunications

  • CPNI (Customer Proprietary Network Information)
  • FCC Regulations
  • GDPR: European regulation that governs personal data protection and privacy rights.

Energy & Utilities

  • NERC CIP (Critical Infrastructure Protection): Standards to protect the electric grid from cyber and physical threats.
  • FERC
  • DOE Cybersecurity Standards

Legal Services

  • ABA Model Rules (Confidentiality)
  • GDPR: European regulation that governs personal data protection and privacy rights.
  • CCPA: California law giving consumers rights over their personal data collected by businesses.

Nonprofit/NGO

  • GDPR: European regulation that governs personal data protection and privacy rights.
  • CCPA (if handling donor/user data in CA): California law giving consumers rights over their personal data collected by businesses.
  • State-level privacy laws

Real Estate

  • GLBA (if handling financial data): Requires financial institutions to protect consumers' personal financial information.
  • CCPA: California law giving consumers rights over their personal data collected by businesses.
  • PCI DSS (if accepting payments): Security standards for handling credit card data and protecting cardholder information.

Media & Entertainment

  • DMCA: U.S. law that protects digital copyright and outlines rules for online content.
  • GDPR: European regulation that governs personal data protection and privacy rights.
  • CCPA: California law giving consumers rights over their personal data collected by businesses.
  • COPPA (if targeting children): Protects personal information of children under 13 collected by websites and apps.

Law 40: Puerto Rico Cybersecurity Act

Every agency and every contracted service provider must comply, and must ensure that every natural or legal person who does business or contracts with them also complies, with at least the minimum Cybersecurity Standards and Principles. As one of the innovators of the Puerto Rico Cybersecurity Act, our team is uniquely qualified to audit your organization's compliance. To learn more about Act 40 and additional regulations, click "I want to know more".
