
Information Security & Compliance

Every day the media reports another company that has suffered a security breach. When a breach occurs, the cost to the company can be overwhelming: the expense of forensically investigating the breach, the cost of establishing new measures to ensure the same type of breach does not happen again, legal fees, punitive fees, and the unknown cost of repairing the company's reputation. No company thinks this will happen to it. However, even the most knowledgeable IT managers, security administrators, and CIOs are experiencing breaches under their watch. We find over and over again that even the best-run IT departments suffer from lapses in security that are best seen from a third-party perspective. Security must be approached from a technical, legal, and human resources point of view. Our security professionals have extensive experience in these areas with some of the most prominent companies in the world.

If you have suffered a breach, we can immediately help you through the crisis: closing off unauthorized information flow out of the company, determining the point of the breach, and determining what information was accessed. These steps are critical in the moments after it is learned that an attack has occurred. We work closely with lawyers who specialize in data privacy to make sure the steps you are taking put your company in the best position to defend itself later if it must.

While mitigating the damage from security breaches is important, companies are learning that proactively commissioning third-party security audits and maintaining compliance with industry standards saves cost in the long run compared to waiting for a security breach to occur. If you need to comply with an industry standard or legal requirement, we can help you prepare for the certification process so you can pass smoothly. We work with you to make the process as painless as possible and to institute policies and procedures in your company that not only keep you in compliance, but keep you as secure as reasonably possible in your business environment. If your company must meet compliance in one of the areas below, call us now.

PCI DSS

Organizations that store, process or transmit payment card data, such as merchants and service providers, need to comply with the Payment Card Industry Data Security Standard (PCI DSS) to protect cardholder data (CHD).

PCI PA-DSS

Payment application vendors need to validate against the requirements of the PCI Payment Application Data Security Standard (PA-DSS), which supports merchant compliance with the PCI DSS.

GLBA

Financial institutions are required by law to comply with the Gramm-Leach-Bliley Act (GLBA) and maintain proper security controls to protect consumer financial privacy.

HIPAA/HITECH

Health care institutions are required by law to protect the privacy of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA).

SSAE 16 (SAS 70)

Outsourced service providers that touch another organization's data undergo a Statement on Standards for Attestation Engagements No. 16 (SSAE 16) examination to demonstrate how client data is safeguarded.

SEC Regulation S-P Rule 30

Financial service firms are required to have policies and procedures addressing the protection of customer information and records. This includes protecting against any anticipated threats or hazards to the security or integrity of customer records.