Failure to comply with Regulatory Requirements can result in fines, imprisonment, possible civil litigation, and the risk of damage to reputation. Rules also apply to business partners. We are well experienced in the current Regulatory Standards. We approach Enterprise Risk with a 360-degree process and can prepare you to meet and stay in compliance with regulatory requirements. We provide the following:
- A framework for awareness and understanding
- Review of new standards and impacts on the organization
- Evaluation of Entity current state of compliance with new regulations
- Road map for implementing the corrective actions
- Develop compliance strategies
- Design and implement strategic solutions
- Provide ongoing analysis of compliance with standards
Our Methodology
We can help your organization meet its Regulatory Requirements by first conducting a Gap Analysis and then completing all of the necessary documentation for your Organization. We combine the findings and solutions to meet both the Emergency Management and Business Continuity Programs as well as the relevant sections of Sarbanes-Oxley and ISO. Our methodology includes:
- Gap Analysis
- Impact Analysis
- Strategy
- Check List
- Plan
- Regulations and Practices
Regulatory Response
- Enhancing Financial System Mitigation to address accounting irregularities and financial abuses
- Concentrations, both market-based and geographic, that intensify the impact of operational disruptions
- Wide-scale breakdowns that lead to significant liquidity bottlenecks
- Interdependence among financial system participants
Redmond Worldwide helps clients with their Compliance program:
- Develops corporate Information Security policies, standards, processes, and guidelines as well as developing or assisting with compliance programs.
- Designs and implements programs for end-user awareness, compliance monitoring, and security compliance.
- Provides oversight ensuring that an appropriate information security infrastructure and related service delivery is in place and properly maintained.
- Develops and implements Information Security Risk Management processes to assess levels of risks as well as alternative cost effective risk mitigation strategies for projects, systems and IT initiatives.
- Ensures that appropriate information and cyber security infrastructure and related service delivery are in place and properly maintained.
- Through our Business Partners, we provide additional services to the enterprise, including forensics, investigations and litigation support as they relate to investigations and response.
- Develops, maintains, communicates and ensures compliance with policies, processes, and guidelines consistent with industry best-practice standard frameworks.
- Identifies management responsibilities to ensure that the most cost efficient identity and access management solutions are deployed through the enterprise.
- Develops and implements the recovery strategies, plans and testing to inform management and help manage to an acceptable level of risk for the enterprise.
Redmond Worldwide:
- Follows Standards, Regulations and Best Practices for all of our Consulting projects
- Performs Gap Analysis and Internal Audits for Clients in reference to Standards, Regulations and Best Practices
- Consults on Compliance Projects
- Teaches ISO Certification Classes through PECB for Organizations
- Performs ISO 27001 Certification Audits for Organizations
Standards, Regulations and Best Practices
We work with the Federal Financial Institutions Examination Council (FFIEC) guidance, the HIPAA Security Rule (45 CFR), the HITRUST Common Security Framework for PCI, PHI and PII, the DHS Privacy Office's Handbook, DoD Directive 5400.11, SANS Institute guidance, NIST, COBIT, and other standards specific to particular industries.
We also understand the importance of compliance with ISO, even if an Organization has no interest in becoming ISO Certified.
ISO Series
Some of the other ISO standards that we recommend being compliant with include:
ISO/IEC 27000:2014 covers:
- Information technology
- Security techniques
- Information security management systems
- Overview and vocabulary
ISO/IEC 27001:2013 covers:
- Information security management system
- Requirements
ISO/IEC 27002:2013 covers:
- Code of practice for information security management
- Information technology
- Security techniques
ISO/IEC 27003:2010 covers:
- Information security management system implementation guidance
- Information technology
- Security techniques
ISO/IEC 27004:2009 covers:
- Information security management
- Information technology
- Measurement
- Security techniques
ISO/IEC 27005:2011 covers:
- Information security risk management
- Information technology
- Security techniques
ISO/IEC 27007 covers:
- Guidelines for information security management systems auditing
- Information technology
- Security techniques
ISO/IEC 27032:2012 covers many of the dependencies of cyber security, such as:
- Critical information infrastructure protection (CIIP)
- Information security
- Network security
- Internet security
ISO 31000 covers:
- Risk principles and guidelines
- Framework
- Process for managing risk
ISO/IEC 38500 covers Information Technology Governance areas that help with:
- Establishing responsibilities
- Planning to best support the organization
- Validating the required performance
- Ensuring conformance with rules
- Ensuring respect for the human factors
Call 917-882-5453 for more information.