Assurance™ Compliance

We are here to help you navigate compliance. Each engagement and service is tailored to your organization’s size and infrastructure complexity. Regardless of your vertical or size, we provide solutions and mitigate the risks that affect your business productivity and continuity.
We perform in-depth control testing to determine whether implemented controls are effective. The U.S. Department of Health and Human Services has stated that NIST SP 800-30 is an acceptable risk assessment methodology, so Intrinium performs its assessments according to that guidance.
After an engagement, we provide a detailed report listing the compliance gaps across all administrative, physical, and technical safeguards, along with detailed recommendations for remediating them.
The nine steps of this methodology, in the sequence NIST SP 800-30 defines them, that Intrinium follows are:
System Characterization
Threat Identification
Vulnerability Identification
Control Analysis
Likelihood Determination
Impact Analysis
Risk Determination
Control Recommendations
Results Documentation
Healthcare Requirements
If your organization is a covered entity (a U.S. health plan, healthcare clearinghouse or healthcare provider) or a business associate, and you handle protected health information (PHI) or interface with medical or patient records, you must ensure you are HIPAA compliant.
Credit Card Requirements
If your organization stores, processes or transmits credit card data, you must ensure you are PCI compliant.
Financial Requirements
If you are a financial institution (a bank, credit union, investment firm or mortgage brokerage firm), you must ensure you meet the financial compliance requirements set by the FFIEC.
PCI Compliance

Intrinium has met the rigorous requirements of the PCI Security Standards Council to become a Qualified Security Assessor (QSA), the only certification that authorizes auditors to complete your Attestation of Compliance and Report on Compliance. Our auditors have the experience necessary to help identify the correct Self-Assessment Questionnaire (SAQ) and to assist in completing it properly.
With digital payment methods becoming the preferred method for many vendors and clients alike, it is more important than ever to secure your transactions. We are here to help streamline your security so that your organization is PCI compliant as required by the Payment Card Industry Security Standards Council. The PCI DSS 3.0 standard applies to all organizations that store, process, or transmit credit card data. It comprises 12 major requirements and approximately 200 sub-requirements, including the following:
Requirements #1 and #2: Build and Maintain a Secure Network
Requirements #3 and #4: Protect Cardholder Data
Requirements #5 and #6: Maintain a Vulnerability Management Program
Requirements #7, #8, and #9: Implement Strong Access Control Measures
Requirement #12: Maintain an Information Security Policy
HIPAA Compliance

Intrinium has over a decade of experience in the healthcare space, from regional healthcare centers to big-city hospitals. We have executed hundreds of comprehensive HIPAA audits, risk assessments and gap analyses based on the HIPAA Audit Program set forth by the U.S. Department of Health & Human Services Office for Civil Rights (OCR) and aligned with NIST SP 800-30.
The OCR HIPAA Audit Program analyzes the processes, controls, and policies of selected covered entities pursuant to the HITECH Act audit mandate. OCR established a comprehensive audit protocol that contains the requirements to be assessed through these performance audits. The audit protocol is organized around modules representing separate elements of privacy, security, and breach notification. Our HIPAA assessments cover the following areas:
Change Control Procedures
Contingency Planning
Data Management
Facility Access Procedures and Controls
Governance
Incident Response Policy, Plan and Procedures
Risk Management Program
Security Awareness Training
System Access Procedures and Standards
Vendor Management Program and Procedures
Site Visit to Review Physical Controls
Financial Compliance

Intrinium’s auditors are equipped to help you meet your compliance needs whether they
GLBA
FFIEC
NCUA
SEC
We are here to help; contact us today.