Gain peace of mind with our regulatory cannabis compliance services.

Towerwall offers best-in-class cannabis compliance, data privacy and information security services for cannabis businesses striving to succeed in one of the most highly regulated industries in the country. These offerings enable cannabis dispensaries and medical businesses to maintain continuous compliance with federal, state, and credit card data privacy mandates. In conjunction with cannabis regulatory compliance, Towerwall specializes in providing deep risk management, risk prevention and risk remediation for cannabis organizations and for the ancillary businesses servicing them.

Our Cannabis Compliance services include:

Disaster Recovery Plan

  • Consists of disaster recovery procedures that will enable the resumption of business processes in a timely manner
  • Provides practical, actionable guidelines for extended back-up operations and post-disaster recovery activities

Banking Compliance Due Diligence Services

Prospect Compliance Scores – banks and credit unions, commission Towerwall to conduct cannabis-specific business assessments and due diligence on prospective cannabis banking customers and leverage compliance risk scores as a decision making factor.


Ongoing Compliance Assessments – provides ongoing “know your customer” compliance due diligence to ensure cannabis customer maintain a history of continuous compliance with state and local regulations and banking requirements.

Secure Infrastructure Services

Ensures the people, process, and technology practices used in cannabis businesses protect the confidentiality, integrity, and availability of their computer systems and the information they contain. Including:

  • Antivirus Software
  • Firewall Protection
  • Data Loss Prevention Tools

Emergency Procedures

  • Provides practical, actionable guidelines for emergency response
  • Includes procedures to followed in the event of an emergency including but not limited to fire, natural hazard, robbery, or other emergencies
  • Outlines steps for reporting, evacuation, shelter-in place, etc.

Employee Handbook

  • A customized compilation of policies, procedures, working conditions, and behavioral expectations for employees
  • Outlines guidelines and acceptable use practice to enable employee safety, crime prevention, and compliance with regulatory requirements
  • Includes information about the organization’s practices in regards to employee compensation, benefits, and terms and conditions of employment

HIPAA Assessment

  • An evaluation of a business’ compliance with HIPAA rules in regards to:
    • Administrative, physical, and technical safeguards
    • Policies and procedures
  • Includes conducting a compliance assessment and gap analysis to identify risks and vulnerabilities to the confidentiality, integrity, and availability of patient health information that is held by a business
  • Provides and prioritizes corrective actions for identified compliance gaps and violations

Information Privacy Policy

  • Describes steps to take to secure and protect the confidentiality, integrity, and availability of patient health information, personal identifiable information, and credit card information in accordance with regulatory requirements HIPAA, MA 201 CMR 17.00, and 105 CMR 725.030(B)

Written Information Security Policy (WISP)

  • Includes the creation of a WISP that encompasses administrative, technical, and physical security requirements that must be in place to minimize risks to personal information
  • Enables compliance with the requirements of the Massachusetts 201 CMR 17.00 regulation in regards to protection of personal information that encompasses the first name and last name or first initial and last name of an individual in combination with any one or more of the following:
    • Social Security number
    • Driver’s license number or state-issued identification card number
    • Financial account number

Workplace Policy

  • Outlines expectations of employee behavior and performance in the workplace including but not limited to prohibiting smoking and drugs use on premise
  • Addresses how the policy will be enforced and associated consequences for violation of the policy