Information Security Consulting, Integration, Project Management

Security Standards

In today's global economy, organizations must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. Some of these industry standards have the force of law, while others are more informal. In either case, failing to meet the standard can have disastrous effects. Do any of these apply to you?

  • HIPAA - Establishes national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also sets the standard for security and privacy of health data that all health providers must meet. We can help you successfully meet your HIPAA requirements.

  • GLBA - The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, provides privacy protections against the sale of private financial information. Additionally, the GLBA codifies protections against pretexting, the practice of obtaining personal information through false pretenses. This law sets the privacy protection standard that the financial community must meet. We can help financial institutions successfully meet their GLBA and other regulatory security requirements.

  • ISO/IEC 17799:2000 - The Code of Practice for Information Security Management. This is the international standard specification for measuring how well an organization is meeting its security needs. This is how enterprises that are serious about identifying and meeting their security needs go about the process. This standard measures and defines how organizations monitor and control their security, minimize residual business risk, and ensure that security continues to fulfill corporate, customer, and legal requirements. Are you considering an ISO 17799 audit? We can help.

  • Industry Best Practices - Can you tell your shareholders, partners, or investors that you are doing a good job of protecting your information assets? Are you spending too much or too little on security? How well protected are you if someone were to make a claim against you based on the loss of control of information? Information security best practices can help with these issues for companies that are not required by law to follow certain standards but must still protect proprietary information. We can help you find the security practices that apply to you and help you implement them.

  • SAS70 - The requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make it more important than ever that service organizations have successful SAS70 audits. The IT security portion of the SAS70 audit can be a challenge for organizations to pass. We can help you pass the IT security portion of the SAS70 audit.

Copyright © 2004 IBG, LLC