Infradapt offers a risk mitigation and regulatory compliance assessment to organizations that are willing to meet stringent requirements for security, operational risk management and compliance. Infradapt has the knowledge and expertise to handle the following regulatory compliance standards.

LEGISLATIVE REGULATORY COMPLIANCE

HIPAA - Health Insurance Portability and Accountability Act of 1996
Administrative simplification: prior to HIPAA, 400 different electronic formats
Privacy: minimum necessary access, uses and disclosures
Security: data integrity, physical office security, contingency planning

SOX - Sarbanes-Oxley Act of 2002
Sarbanes-Oxley is a US law passed in 2002 to strengthen corporate governance and restore investor confidence. Sarbanes-Oxley legislation is wide-ranging and establishes new or enhanced standards for all US public company boards, management, and public accounting firms.

GLBA - Gramm-Leach-Bliley Act – Privacy of Consumer Financial Information
The Gramm-Leach-Bliley Act has privacy provisions relating to consumers' financial information. Under these provisions, financial institutions have restrictions on when they may disclose a consumer's personal financial information to nonaffiliated third parties. Financial institutions are required to provide notices to their customers about their information-collection and information-sharing practices. The GLB Act provides specific exceptions under which a financial institution may share customer information with a third party.

FERPA - Family Educational Rights and Privacy Act
The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records.

INDUSTRY REGULATORY COMPLIANCE

PCI – CISP - Cardholder Information Security Program
CISP is intended to protect Visa cardholder data – wherever it resides – ensuring that members, merchants, and service providers maintain the highest information security standard.

SAS70 - Statement on Auditing Standards No. 70
SAS70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). SAS70 is the authoritative guidance that allows service organizations to disclose their control activities and processes to their customers and their customers' auditors in a uniform reporting format.

ISO-17799
A comprehensive set of controls comprising best practices in information security. It comprises two parts – a code of practice (ISO17799) and a specification for an information security management system (BS7799-2). This is an internationally recognized generic information security standard.