Compliance Assessments & Consulting
eUS offers several services related to developing the policies, procedures, logs and documentation that are required for compliance with PCI-DSS, ISO/IEC 27001, CMMC, NIST 800-171, HIPAA, SOC2, FedRAMP, and more. We can help you find and secure the PII (personally identifiable information), CHD (Card holder data) as well as HIPPA, SOX and other sensitive data that is governed by these laws and standards.
Many organizations are facing demands from critical business partners to demonstrate cyber security competence and practice. For example, the financial audits that perhaps breezed by the compliance to the IT General Controls are now more highly focused on it. Government contractor companies are being required to demonstrate compliance to standards such as NIST SP 800-171 and CMMC. Banks are requiring proof of stricter compliance to PCI-DSS.
We can assist you in the responses to these requests and mitigating any deficiencies. We can then further assist you with ongoing compliance services to maintain the records, conduct required reviews, respond to and document incidents and other work required for compliance.
Cyber security Insurance
Insurance companies have “due care” clauses in the cyber security insurance contracts that require proof of adherence to a security standard like ISO/IEC 27001, the NIST CSF and so on. If you have cyber security insurance, let us help you to see how likely it is you would be paid if you had a claim. We can conduct a cyber security insurance audit against the specific standards of many leading providers of this insurance. If there are areas that need improvement, we can assist you with the necessary mitigation.
Data Governance & Compliance Tools
- Automated monitoring of your data and who has permissions to the sensitive content.
- Put limits on sensitive content share parameters.
- Be notified if a user does unusual downloads. Often a sign of someone who is about to resign.
- Be sure files are shared in a way that creates an audit trail and is encrypted at rest and in transit.
Unusual file activity
Do you know when someone is copying an unusually large number of files… perhaps before they resign? We can arm you with tools that can help you know that someone is doing that kind of thing so it can be investigated. Do you know if there are people on your network who have rights to information they should not? Is your proprietary information accessible to just those who need access to do their job? Data classification and the associated security controls to enforce it, is critical to a modern security regimen. We can help you with the tools to manage these types of situations.
Right to be forgotten
EUS can provide you tools to keep your data secure and to aid in compliance with laws, regulations, and standards, including the right to be forgotten under CCPA and GDPR. CCPA, GDPR etc.
Many bodies of law, both domestic and foreign, now exist that give individuals the right to demand to either be forgotten by the organization or at least have all of the information in their possession be documented. These requests have statutory time limits for response and can, without the proper tools, cost a lot of hours to dig up this data. Failure to comply has fines and penalties that can be imposed.
If someone sends you a right to be forgotten request under CCPA or GDPR, how will you find all of the information that your organization has on a given person? How much time and money will each request take? We can provide you with tools to handle this situation to quickly and easily find requested information in your systems.