Assurance™ Compliance


We are here to help you navigate compliance. Each engagement and service is developed to fit your organization’s size and infrastructure complexity. Regardless of your vertical or size, we are here to provide solutions and mitigate risks as they relate to your business productivity and continuity.

We perform in-depth control testing to determine whether the controls you have implemented are effective. The United States Department of Health and Human Services has stated that the NIST 800-30 guidance is an acceptable risk assessment strategy, and Intrinium therefore performs its assessments according to this methodology.

After an engagement, a detailed report listing the compliance gaps for all administrative, physical, and technological safeguards will be provided, along with detailed recommendations for remediation of such issues.


The nine steps of this methodology that Intrinium follows are:

Vulnerability Identification
System Characterization
Control Analysis
Likelihood Determination
Control Recommendations
Threat Identification
Impact Analysis
Risk Determination
Results Documentation

Healthcare Requirements

If your organization is a covered entity (a U.S. health plan, healthcare clearinghouse or healthcare provider) or a business associate, and it handles protected health information (PHI) or interfaces with medical or patient records, you must ensure that you are HIPAA compliant.


Credit Card Requirements

If you are an organization that stores, processes or transmits credit card data, you must proceed with ensuring you are PCI compliant.


Financial Requirements

If you are a financial institution (a bank, credit union, investment firm or mortgage brokerage), you must ensure that you follow the financial compliance requirements set by the FFIEC.


PCI Compliance

Intrinium has met the rigorous requirements of the PCI Security Standards Council to become a Qualified Security Assessor (QSA), the only certification that authorizes auditors to complete your Attestation of Compliance and Report on Compliance. Our auditors have the experience necessary to help you identify the correct Self-Assessment Questionnaire (SAQ) and to complete it properly.

With digital payment methods becoming a preferred method for many vendors and clients alike, it is more important than ever to secure your transactions. We are here to assist with streamlining your security to ensure your organization is PCI compliant as required by the Payment Card Industry Security Standards Council. The PCI DSS 3.0 standards apply to all organizations that store, process, or transmit credit card data. There are 12 major requirements, along with approximately 200 sub-requirements that include the following:

Requirements #1 and #2: Build and Maintain a Secure Network
Requirements #3 and #4: Protect Cardholder Data
Requirements #5 and #6: Maintain a Vulnerability Management Program
Requirements #7, #8, and #9: Implement Strong Access Control Measures
Requirements #10 and #11: Regularly Monitor and Test Networks
Requirement #12: Maintain an Information Security Policy


HIPAA Compliance

Intrinium has over a decade of experience working in the healthcare space, from regional healthcare centers to big-city hospitals. We have executed hundreds of comprehensive HIPAA audits, risk assessments and gap analyses based on the HIPAA Audit Program set forth by the U.S. Department of Health & Human Services Office for Civil Rights (OCR), following NIST 800-30.

The OCR HIPAA Audit Program analyzes the processes, controls, and policies of selected covered entities pursuant to the HITECH Act audit mandate. OCR established a comprehensive audit protocol that contains the requirements to be assessed through these performance audits. The audit protocol is organized around modules representing separate elements of privacy, security, and breach notification. Areas reviewed include:

Change Control Procedures
Contingency Planning
Data Management
Facility Access Procedures and Controls
Governance
Incident Response Policy, Plan and Procedures
Risk Management Program
Security Awareness Training
System Access Procedures and Standards
Vendor Management Program and Procedures
Site Visit to Review Physical Controls


Financial Compliance

Intrinium’s auditors are equipped to help your financial institution meet its compliance needs, whether they relate to GLBA, FFIEC, NCUA, SOX, or other SEC regulations. Regardless of size or complexity, our team executes compliance and audit services based on robust information security standards set forth by the National Institute of Standards and Technology (NIST), the United States National Security Agency (NSA), the SysAdmin, Audit, Network, Security Institute (SANS Institute), and Control Objectives for Information and Related Technology (COBIT). Our team has experience working with credit unions, banks, and mortgage and investment firms nationally.

Frameworks and regulators covered:

GLBA
FFIEC
NCUA
SEC


We are here to help, contact us today.
