IT Compliance

CMMC – The Cybersecurity Maturity Model Certification (CMMC) which was created by the Department of Defense (DoD) is a compliance that is required for contractors working with the DoD. CMMC takes the framework from those NIST standards and the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 to help protect sensitive information.

DCAA – The Defense Contract Audit Agency (DCAA) is the government agency that is responsible for auditing the Department of Defense (DoD) contracts. This compliance was created to verify that financial and accounting data is accurate and not falsified in any way.

HIPPA – HIPPA compliance is the standard for the healthcare industry.  HIPAA compliance helps keep sensitive patient information secure. In order to be HIPPA compliant, a medical organization must show proof that all patient information is secure and only authorized individuals have access to it.

PCI – Any company which processes credit card payments may need to comply with the Payment Card Industry Data Security Standard (PCI-DSS). This compliance is used to prevent fraudulent credit card transactions and to secure financial data.

NIST – Any business that works with the federal or state agencies (including the Department of Defense) must follow NIST compliance. NIST which was created by the National Institute of Standards and Technology is a set of IT security compliance standards that protect sensitive unclassified information. This compliance covers requirements such as encryption of data, access control, risk assessment, data management, and other critical cybersecurity issues.

SOC2 – Systems and Organization Controls 2 or SOC 2 was developed by the American Institute of CPAs (AICPA). SOC 2 is a type of IT security compliance for service providers which defines criteria for managing customer data.

SOX – The Sarbanes-Oxley Act, which is referred to as SOX, is IT compliance that sets the standards which help prevent manipulation and mismanagement of financial reports. With IT Sox compliance, companies must have all their financial data stored securely and any type of access to it must be controlled. This compliance is confirmed by an audit by a third party.

ISO/ IEC 27001 – is one of the popular information security management systems (ISMS) standards. ISO/ IEC 27001 provides a set of guidelines on how organizations can secure data such as intellectual property, employee details, financial information, or any other sensitive data. Being ISO/ IEC 27001 certified is usually not mandated but many organizations choose to become certified to give their customers peace of mind that their data is secure.

GDPR – The General Data Protection Regulation (GDPR) Privacy Law became enforceable on May 25, 2018, by the European Union. The law was aimed at helping individuals have more control over the protection of their personal data. Organizations worldwide must abide by it if they collect, store or use any personally identifiable information of any European Union resident. This applies to both electronic and paper records.

If you are unsure which IT security compliance your business needs to abide by, give us a call. Our IT compliance experts are here to help make sure that your IT systems are secure and ready for any potential audit.