Gain peace of mind with our regulatory cannabis compliance services.

Towerwall offers best-in-class cannabis compliance, data privacy and information security services for cannabis businesses striving to succeed in one of the most highly regulated industries in the country. These offerings enable cannabis dispensaries and medical businesses to maintain continuous compliance with federal, state, and credit card data privacy mandates. In conjunction with cannabis regulatory compliance, Towerwall specializes in providing deep risk management, risk prevention and risk remediation for cannabis organizations and for the ancillary businesses servicing them.

Our Cannabis Compliance services include:

Compliance Adherence Services

Enables cannabis dispensaries, cultivation centers, and processors and the ancillary businesses* that service them, to demonstrate a history of compliance with federal, state, and local regulations and requirements. Including:


  • Regulatory Compliance Risk Assessments
  • Compliance Verification
  • Compliance Gap Report
  • Compliance Risk Scores
  • Corrective Action Plan
  • Violation Remediation


*Ancillary businesses include but are not limited to cannabis medical doctors, lab testers, banks, credit unions, etc.

Policy Development

Standard Operating Procedures – rules and procedures for dispensaries, cultivation sites, and processing and testing facilities that bring all aspects of the business operation into line with current regulations.   


Written Information Security Plan (WISP) – regulatory required document for all businesses who have custody of or accesses to personal information about a Massachusetts resident.


Incident Response Plans – documented steps for quick response and recovery from security related incidents and unplanned business disruptions.


Security and Data Privacy Policies – written policies that outline best practices and promote data security and privacy standards for your business and employees.   

Privacy & Compliance Awareness

Data Privacy and Security Awareness – provides awareness initiatives that can be adopted by employees and build a culture of data privacy and information security in cannabis businesses.


Compliance Thought Leadership – Towerwall’s foremost authorities inform and educate attendees on the value of compliance in the cannabis industry and how it can be leveraged by state agencies, local municipalities, banks, and credit unions.

Data Privacy Services

Ensures cannabis businesses who access, store, or transfer private health information or personal identifiable information are compliant with federal, state, and credit card data privacy mandates. Including:


HIPAA Compliance Assessments – Health Insurance Portability and Accountability Act – requires businesses to protect the privacy and security of private health information that is accessed, stored, or transmitted.


State Data Privacy Compliance Assessments – Such as Massachusetts 201 CMR 17.00 – requires businesses to develop a written, regularly audited plan to protect a Massachusetts resident’s personal information that is accessed or stored. 


PCI Compliance Assessments – Payment Card Industry Data Security Standard (PCI DSS) – requires all businesses that accept, process, store, or transmit credit card information to maintain a secure environment.

Banking Compliance Due Diligence Services

Prospect Compliance Scores – banks and credit unions, commission Towerwall to conduct cannabis-specific business assessments and due diligence on prospective cannabis banking customers and leverage compliance risk scores as a decision making factor.


Ongoing Compliance Assessments – provides ongoing “know your customer” compliance due diligence to ensure cannabis customer maintain a history of continuous compliance with state and local regulations and banking requirements.

Secure Infrastructure Services

Ensures the people, process, and technology practices used in cannabis businesses protect the confidentiality, integrity, and availability of their computer systems and the information they contain. Including:

  • Antivirus Software
  • Firewall Protection
  • Data Loss Prevention Tools