WOM Technology Management Group’s IT Compliance Management Services help your organization identify and maintain its compliance requirements, provide insight into vulnerabilities and policies, and automate threat management and mitigation activities.
The confusing and ever-expanding rules and regulations governing data and security have left business leaders confronted with a myriad of compliance requirements. When an organization fails to approach compliance holistically, the result is often ineffective risk management decisions, greatly increased cost to meet the necessary standards, or financial penalties for falling short of them.
WOM Technology Management Group will work with your organization to ensure compliance activities are aligned to your desired compliance requirements and/or best practices.
Common Compliance Standards
CMMC is a new standard that sets out to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) by defining the cybersecurity practices required of organizations in the DoD supply chain, tiered by level. This compliance framework will affect over 300,000 organizations. CMMC will replace self-assessed NIST SP 800-171 compliance and will be a requirement in DoD contracts by 2025. Most organizations that handle CUI are expected to require CMMC Level 2. WOM Technology Management Group works with organizations of all sizes to identify gaps, provide full security coverage, and manage IT services in a manner compatible with CMMC requirements.
NIST SP 800-171 is a set of security requirements published by the National Institute of Standards and Technology to protect Controlled Unclassified Information (CUI) on non-federal systems. Compliance with this standard was previously self-assessed; under CMMC, a Certified Third-Party Assessment Organization (C3PAO) must validate that the NIST SP 800-171 controls are properly implemented within an organization.
DFARS is the defense supplement to the Federal Acquisition Regulation (FAR). In the context of IT and cybersecurity, the relevant portion is the DFARS cyber clause, DFARS 252.204-7012, which requires NIST SP 800-171 compliance for CUI. CMMC was developed to verify, through independent assessment, that the NIST SP 800-171 requirements invoked by DFARS 252.204-7012 are actually implemented rather than merely attested.
The Health Insurance Portability and Accountability Act (HIPAA) and the subsequent Health Information Technology for Economic and Clinical Health (HITECH) Act define the policies, procedures, and processes required to secure electronic protected health information (ePHI). As regulatory oversight related to HIPAA increases, maintaining compliance becomes more valuable than ever.
The Payment Card Industry Data Security Standard (PCI DSS) applies to organizations of any size that store, process, or transmit payment card data. Compliance means adhering to a set of policies and procedures developed to protect card transactions and prevent the misuse of cardholder data. There are four merchant levels of PCI DSS compliance, determined by the volume of card transactions your organization processes over a 12-month period.
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that governs the processing of personal data. GDPR applies to any organization that processes the personal data of individuals in the EU, regardless of where the organization itself is located. Consent must be requested in an easy-to-understand, accessible form with a clearly stated purpose, and withdrawing consent must be as easy as giving it. Due to the complexity of this regulation, working with a third party on compliance is a best practice.
The California Consumer Privacy Act (CCPA) is a new law that protects the privacy and consumer rights of California residents. CCPA compliance is similar to GDPR in many ways, requiring strict handling of consumer data and granting consumers a “right to delete” the personal information a business has collected about them, subject to the statutory exceptions.
The HITRUST Common Security Framework (CSF) is a comprehensive, certifiable security framework used by healthcare organizations to manage regulatory compliance and risk efficiently. HITRUST unifies recognized standards and regulatory requirements from ISO, NIST, HIPAA/HITECH, PCI DSS, and COBIT. There are several paths to HITRUST compliance, including Self-Assessment, Validated Assessment, Validated Assessment with Certification, and SOC 2 + HITRUST.