Compliance

The Tech Info Group takes compliance very seriously, no matter what business field our clients are in.  Whether it is PCI compliance with Online Businesses or HIPAA Compliance with Medical Offices, we ensure our customer’s compliance.

HIPAA (Health Insurance Portability and Accountability Act) IT Compliance Analysis and Implementation

complianceThe Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers, and addressed the security and privacy of health data. To successfully sustain HIPAA compliance, organizations must implement best practices to ensure IT systems not only achieve a known and trusted state but they also maintain said state.

Risk analysis identifies areas that need to be addressed for HIPAA security compliance as well as all gaps that may be exploited by insider and outsider attacks. Organizations must conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information (e-PHI). Risk analysis is a process whereby relevant assets and relevant threats are identified, and cost-effective security/control measures are identified or engineered, in order to effectively balance the costs of various security/risk mitigation/control measures against the losses that would be expected if these measures were not in place. Threats and risks are real. Each entity needs to identify and prioritize risks and threats.

A thorough risk assessment should identify the system vulnerabilities, threat, and current controls and attempt to determine the risk based on the likelihood and threat impact. These risks should then be assessed and a risk level assigned, such as high, medium, or low.

Financial/Sarbanes-Oxley IT Compliance Analysis and Implementation

Compliance doesn’t have to be a struggle. In either implementation of Sarbanes-Oxley or establishing a sustainable compliance program, TTIG has assisted leading companies in a wide variety of industries in assessing, designing, implementing and maintaining an effective internal control process in both finance and information technology.

Sarbanes-Oxley (SOX):

With SOX penalties and fines as high as  20 years in prison and up to $15 million it is imperative that our clients are responsible for how they store large volumes of data, and the speed in which they can access this data. To successfully sustain SOX compliance, organizations must implement best practices to ensure IT systems not only achieve a known and trusted state but they also maintain said state. Management must be more accountable and aware of the need for a continuous and proactive operational risk management environment that recognizes the links between its technology infrastructure, business processes, compliance, and internal controls. The Tech Info Group is able to build a robust and affordable storage solution for our clients that automatically backs up large volume of data, all while making their data more permanent, secure, auditable and accessible.

Payment Card Industry (PCI):

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store, or transmit credit card information maintain a secure environment. PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accepts, transmits, or stores any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply. The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees.  Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business. It is important to be familiar with your merchant account agreement, which should outline your exposure.