Law firms, banks, healthcare institutions, and colleges and universities are subject to numerous laws, regulations, and contractual obligations that specify requirements for the appropriate management and protection of diverse information sets. Understanding and maintaining compliance with these different requirements is sometimes a difficult road. The path to establishing compliance is a full and continuous audit through cyber assessment. This means a compliance and regulations assessment takes a complete look at the areas in which your organization has responsibilities, whether legal, regulatory, contractual, or self-imposed.
Cybersecurity Assessment and Auditing Check
- Awareness of relevant regulations/laws. (Do you know what you need to follow?)
- Awareness of relevant policies. (Do you know what institutional policies apply to information use?)
- Awareness of relevant contractual agreements. (Do you know what agreements your institution has made that impose conditions on the use of data?)
- Awareness of relevant standards or best practices. (Do you know what standards or best practices your institution chooses to follow with respect to information use?)
- Management of institutional records. (Do you know what you need to keep and for how long?)
- Awareness of how records are managed by your institution.
- Approach to complying with each item. (Do you know what your organization is doing to follow the law?)
- Awareness of internal and/or external audit activities. (Do you know what internal/external audits exist and what is required to meet or pass these reviews?)