Failure to comply with Federal regulations such as HIPAA or Sarbanes-Oxley can subject an organization to felony charges that may include fines of up to $750,000, up to 20 years in prison, or both, along with a myriad of civil liabilities and potential class-action lawsuits by injured parties.  Further complicating the regulatory scene, many of the 50 states also have differing legislative requirements and legal tests.  If your organization fails to follow privately agreed-to standards such as those of the Payment Card Industry (PCI), it risks no longer being permitted to accept credit cards, or facing a merchant fee increase of one or two percent (which manifests as an immediate one to two percent reduction in gross annual revenue).  This does not even take into account the cost of the other professionals and attorneys required to perform forensic and legal reviews in order to recertify your organization as “compliant”, or that such violations further expose the perpetrator to legal notification requirements and civil lawsuits by injured parties.

A list of some of the legal regulations and industry standards that pertain to California is provided below:


  • Health Insurance Portability and Accountability Act (HIPAA)

  • Federal Information Security Management Act (FISMA)

  • Sarbanes-Oxley Act of 2002 (SOX)

  • Federal Trade Commission Act (FTCA)

  • Gramm-Leach-Bliley Act (GLBA)

  • Protection of Pupil Rights Amendment (PPRA)

  • Electronic Funds Transfer Act (EFTA)

  • Children’s Online Protection Act of 1998 (COPPA)

  • Fair Credit Reporting Act (FCRA)

  • Fair and Accurate Credit Transactions Act (FACTA)

  • Family Educational Rights and Privacy Act (FERPA)

  • Student Online Personal Information Protection Act, California SB 1177 (SOPIPA)

  • California AB 1584

  • California Educational Code 49073 (CEC 49073)

  • Customs-Trade Partnership Against Terrorism (C-TPAT)

  • Fixing America’s Surface Transportation Act (FAST)

  • International Organization for Standardization (ISO)

  • National Institute of Standards and Technology (NIST)

  • Payment Card Industry Data Security Standard (PCI DSS)

  • Center for Internet Security, Critical Security Controls (CIS CSC 20)

  • American Institute of Certified Public Accountants (AICPA SOC1 and SOC2)


Many of the listed items overlap or contain redundant clauses, and we regularly assist our clients in performing compliance assessments to help them navigate the various regulations and standards that apply to their organizations.  Once an assessment of the client's systems and the applicable standards has been completed, a gap analysis is performed to identify deficiencies and produce a list of recommended remedies.  We then assist organizations in taking corrective action and implementing the policies, procedures and information technology solutions necessary to meet or exceed the applicable requirements.  Banshee Networks can give your organization confidence that its information systems comply with the required laws and applicable standards.
