Compliance, Policies and Audit Assistance

What are your security or privacy compliance challenges? Our BelowDay strategic planning experts have worked with common standards and regulations such as:

  • ISO 27001 / 27002 international security standards
  • NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
  • NIST 800-53 Security and Privacy Controls for Federal Information Systems and Organizations
  • NIST 800-30 Guide for Conducting Risk Assessments
  • NASPO standards for Brand Protection environments
  • SOX ITGC controls (Sarbanes-Oxley IT general controls)
  • GLBA, FFIEC, and FHFA financial and banking standards
  • PCI DSS – payment card industry data security standards
  • EU standards such as the Data Privacy Act, Safe Harbor, and the General Data Protection Regulation (GDPR)

In addition to these industry standards, there may be security standards or requirements from your customers, which are often custom-written. You may also have internal information security policies and standards, sometimes driven by Board concerns. Many of the standards with which your company has to or wants to comply have a number of elements in common and can be mapped together to reduce the overall scope of your compliance requirements. There are also steps you can take to reduce your compliance footprint while maintaining security, your commitments to your customers, regulators, and management, and the overall soundness of your company.

Let BelowDay assist your compliance efforts. We can map requirements; create policies, standards, and awareness; and provide training for the audit experience and assistance with audit preparation.