We offer enterprise-wide, global IT governance organization and services for a broad range of data security and privacy regulations and compliance standards — including HIPAA, GLBA, PIPEDA, EU GDPR, Safe Harbour, and PCI-DSS.
Our control framework maps to associated frameworks like HITRUST CSF, AICPA Trust Principles, PCI-DSS, ISO27001, NIST 800 & CSF, and SANS/CIS.
We also engage third parties to independently assess compliance and security controls:
- SOC2/Type II on Data Security, Confidentiality, Availability and Common Security Framework
- Penetration Testing and External Security Testing
- Application Code Reviews