Industry compliance is a requirement for many businesses to operate. Health care, financial services and government work are the most well known, but compliance is part of every business.
Third-party regulation can be a complex maze of standards and practices, including security, reporting, auditing, physical safeguards, policy and procedure.
TechRunner ensures that your business has the strategy and services in place to help you meet the standards and mitigate risk.
The HIPAA Security Rule established a set of national cybersecurity standards for the protection of all electronic protected health information (PHI) for patients and citizens. Any data created, received, maintained or transmitted under HIPAA requirements must be handled under these standards to avoid penalties and fines.
Medical and dental practices, senior care facilities, nursing homes and pharmacies are all mandated to meet HIPAA compliance in order to secure their patient data and avoid huge fines and penalties.
The NYS Department of Financial Services requires cybersecurity measures to be in place and in practice for all financial services companies operating in New York State. Outlined in regulation 23 NYCRR 50, every regulated institution is required to employ these practices, appoint a Chief Information Security Officer and file an annual report detailing the compliance measures in place.
Commercial banks, community banks, mortgage companies and auto loan financiers fall under this regulation.
The Payment Card Industry Data Security Standard was established to protect customer credit card information. Compliance requires your business, your credit card processor (a third party) and TechRunner to work together to follow the standard and ensure a safe and secure environment for customer purchasing.
The growth of work from home and mobile-first applications has increased the number of personal devices being used to access company data. “Bring Your Own Device” (BYOD) puts new requirements on businesses to secure their data outside of company-controlled computers and iPhones. Remote wipe, data encryption and business-class security tools should be in place for every single device that is used for work.
Europe adopted the General Data Protection Regulation to protect users’ “right to be forgotten”. Many organizations are required to assign a Data Protection Officer to meet the European Union’s data protection laws. If your business is based in the EU, offers goods or services in the EU or monitors the behavior of EU residents, GDPR compliance is a must.
The Brazilian General Data Protection Law is very similar to the European Union’s GDPR. Enacted in early 2020, the requirements of the LGPD (Lei Geral de Proteção de Dados) are in place to protect the data of Brazilian citizens. Expect more consumer protection laws to follow throughout the world.
Join the community of businesses that leverage our team and services.