Compliance is more than just a checklist.
How we help solve your Compliance & Privacy challenges:
Reduces Organizational Risk
We work with your team to ensure the security and privacy of your customers and their data. This significantly lowers the risk of unlawful conduct, the corresponding sanctions, and loss of business reputation.
Increases Security & Efficiency
Compliance with data security standards boosts overall cybersecurity posture and develops capabilities to handle sensitive information.
Enhances Company Culture
Adoption of security compliance measures provides a unique opportunity to enhance the corporate culture and demonstrate industry leadership in information security.
Our Security Services
We consult clients through the following compliance & privacy initiatives:
HIPAA Compliance
- An evaluation of a business' compliance with HIPAA rules, focused on:
- Administrative, physical, and technical safeguards
- Policies and procedures
- Includes conducting a compliance assessment, with a gap analysis, to identify risks to the confidentiality, integrity, and availability of patient health information
- Provides and prioritizes corrective actions for identified compliance gaps or violations
GDPR Compliance
- Assesses the level of compliance with the GDPR
- Provides guidelines and recommendations to help an organization become compliant
- Develops appropriate checkpoints and controls to handle storage, transmission, security, and backup of Personally Identifiable Information (PII)
- Improves awareness of the value of data among employees, third-parties, and end-users
- DPO services available
PCI DSS Compliance
- Ensures payment card information is stored, processed, and transmitted in a secure environment while adhering to the PCI DSS standard
- Conducts a detailed review of cardholder data flows
- Provides a cost-effective approach to meet PCI DSS obligations
- Provides assistance with the completion of the required reports — either self-assessment questionnaire (SAQ) or a full QSA-led (Qualified Security Assessor) Report on Compliance (ROC)
Consumer Privacy (PI) Compliance
- Conducts an in-depth data mapping exercise to understand what systems and processes capture personal information (PI), the data transfers involved, etc.
- Provides a thorough Gap Assessment to understand PI risks and the maturity of security controls against those risks
- Helps establish a vision for consumer privacy and formulate policies and procedures to achieve and maintain it
HITRUST Certification
- Helps prepare for HITRUST certification in several areas, including writing security policies and implementing security controls
- Provides assistance in navigating the HITRUST CSF so a company can prepare for certification
- Conducts a third-party review during the validated assessment process for certification
Gramm–Leach–Bliley Act (GLBA) Compliance
The Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is a US federal law that requires financial institutions to tell their customers how the institution protects sensitive customer information, to inform customers of their right to opt out of having their information shared with third parties, and to implement specific safeguards that protect all customer information in line with the security plan the institution has worked out.
GLBA also extends to higher education institutions that participate in Title IV programs. While GLBA focuses on financial institutions, it applies to Institutions of Higher Education (IHE) as well: all Title IV schools are considered financial institutions under GLBA. (Title IV schools include any educational institution that processes U.S. federal student aid.)
NY DFS Compliance
- Tests the control measures required by the regulation; provides a management report with identified gaps and areas of potential non-compliance
- Performs the annual penetration testing, bi-annual vulnerability assessments, and periodic risk assessments mandated by NYDFS
- Provides an executive-level vCISO that can help craft and implement corporate cybersecurity policy, as well as provide overall governance to the cybersecurity program
CT K-12 (CT PA 16-189, FERPA) Compliance
- Ensures schools are compliant with privacy laws
- Provides assistance in implementing security controls
- Performs a thorough cybersecurity assessment to determine vulnerabilities and helps identify priority areas for investment, changes to infrastructure, end-user training, and access to student data
201 CMR 17.00 Compliance
- Performs an assessment to determine the current level of regulatory compliance; provides remediation for the vulnerabilities detected
- Advises on the steps needed to achieve compliance and on implementing a security program that encrypts personal information in transit and on portable devices
- Provides assistance in creating a Written Information Security Plan (WISP)
SOC 2 Type 1 and Type 2 Compliance
- Helps prepare for a SOC 2 examination with assistance in several areas, from writing security policies to implementing security controls
- Assists with the selection of the auditor
- Provides assistance in navigating the SOC 2 Type 1 and SOC 2 Type 2 reports and in preparing for the examination
- Conducts a third-party readiness review before the auditor's examination
Cybersecurity Maturity Model Certification (CMMC)
As the Cybersecurity Maturity Model Certification (CMMC) takes flight as the new standard for security compliance, with all applicable contracts expected to include CMMC requirements by 2026, it is important to have a third-party organization, such as Towerwall, ready to perform the necessary investigations and assessments to prove your compliance with the new regulations. Unlike other cybersecurity companies, the Towerwall team of experts stays educated on all things cybersecurity, from compliance issues to new technology, to provide your company with the most advanced service possible.
We are willing and prepared to work with you through this adjustment to the CMMC regulations to ensure your company meets all the requirements necessary to excel under this new set of standards.
Technology We Enable
KnowBe4 provides Security Awareness Training to help you manage the IT security problems of social engineering, spear-phishing and ransomware attacks.
Alert Logic is the industry's first SaaS-enabled managed detection and response (MDR) provider, delivering unrivaled security value.
LogRhythm SIEM solutions and Security Operations Center services enable organizations to detect, respond to, and neutralize cyber threats.
Imperva provides complete cyber security by protecting what matters most, your data and applications, whether on-premises or in the cloud.