Compliance
CTS supports various compliance hosting solutions to help businesses of all sizes and industries. Our compliance services have enabled several institutions, companies, and eCommerce companies to offer safe and secure services across their platforms for all customers. Through our services, every customer is assured that their private data is safe, their finances are in good hands, and that the company they’re entrusting their data assets with complies with stringent compliance regulations.
Written Information Security Plan (WISP)
The Gramm-Leach-Bliley Act (GLBA) is a United States law mandating that financial institutions take measures to safeguard customer data. In order to enforce GLBA, the Federal Trade Commission (FTC) released the Safeguards Rule, which outlines the specific precautions necessary to ensure the security of customer information. One key requirement of the Safeguards Rule is the implementation of a Written Information Security Program (WISP).
Under the GLBA, tax and accounting professionals are classified as financial institutions, irrespective of their size. This rule applies not only to tax and accounting professionals but also extends to various other entities such as mortgage brokers, real estate appraisers, universities, nonbank lenders, and check cashing businesses.
To comply with the Safeguards Rule, the FTC mandates that each firm must:
- Designate one or more employees to oversee the coordination of its information security program
- Identify and evaluate risks associated with customer information within all relevant areas of the company’s operations. Furthermore, assess the effectiveness of existing safeguards in managing these risks.
- Develop and execute a safeguards program and regularly monitor and test its efficacy
- Select service providers capable of maintaining appropriate safeguards, with contracts requiring them to uphold these standards and oversee the handling of customer information
- Continuously assess and adapt the program as necessary, taking into account changing circumstances, such as shifts in the firm’s business or operations, or the results of security testing and monitoring
Not sure where to begin or have the resources to ensure you are compliant? Our team is experienced with implementing WISPs and will help you. Contact us to discuss partnering with our organization to develop your WISP.
Cybersecurity Maturity Model Certification (CMMC)
In September 2020, the Department of Defense (DoD) published an interim rule to the Defense Federal Acquisition Supplement (DFARS) which implemented the DoD’s initial plan for the CMMC program. This initial plan outlined the basic framework. This interim rule took effect on November 30, 2020, and called for a phase in period of five years. In November 2021, the DoD announced CMMC 2.0, an updated framework and requirements:
- Safeguard sensitive information to enable and protect the warfighter
- Enforce DIB cybersecurity standards to meet evolving threats
- Ensure accountability while minimizing barriers to compliance with DoD requirements
- Perpetuate a collaborative culture of cybersecurity and cyber resilience
- Maintain public trust through high professional and ethical standards
While CMMC is not mandatory at this time, it is expected to be by late 2024/early 2025 for all businesses holding contracts with the DoD. At CTS, we have the experience needed to assist you with becoming CMMC compliant. To discuss partnering with us to achieve your CMMC certification, contact us today.
Payment Card Industry Data Security Standard (PCI DSS)
When people interact with companies online, they are entrusting their sensitive personal data to companies – especially those that process payments using credit card information. This can be nerve-wracking for customers.
To remedy this, a set of requirements called the “Payment Card Industry Data Security Standard” or the “PCI DSS” was designed to provide a standard that secures payment information. Companies that require this information are given a Merchant ID (MID) which the PCI SSC (Payment Card Industry Security Standards Council), an independent body created by major payment card brands (such as MasterCard, VISA, etc.), manages.
We provide cybersecurity services to help you with your PCI compliance. Our qualified experts can assist your staff to avoid non-compliance risks. We can also protect your website from potential online threats and also offer data backup, email encryption and other high-level security solutions. Contact us to discuss how we can work together to fulfill your PCI compliance.
Health Insurance Portability and Accountability Act (HIPAA)
Another type of sensitive information that needs protection is patient data from hospitals and other healthcare facilities. Because this data is as crucial as any other, it needs the right amount of safeguarding and security measures to make sure data breaches are not a concern. Companies, businesses, and institutions who provide/support treatment, perform healthcare operations, or have access to payment and/or patient records must comply with HIPAA requirements.
We provide high-level data protection to meet HIPAA standards. Our cybersecurity specialists can perform a thorough evaluation of your company’s PHI databases. CTS offers services to perform data backups, email encryption, and apply effective security solutions. Contact a CTS consultant to discover how to ensure HIPAA compliance for your company.
We're Here To Help!
Office
2033 N. Milwaukee Ave, Suite 351
Riverwoods, IL 60015