Our audit and compliance services include:
Review, audit, gap analysis and assessment, and compliance audit reports
of information systems for governance, security, privacy, controls and
monitoring, and retention/destruction programs.
Review of existing policies and procedures.
Development of documented programs, policies, and procedures for
the retention, disposition, security and privacy of corporate information.
Audit, review, analysis, recommendations and
dashboards for GRC, PCI, HIPAA, HITECH, and COBIT compliance programs.
Assistance with development of governance programs, litigation hold procedures, compliance measures
and controls, and reporting.
Compliance guidance, risk assessment, control measures, and processes
needed in new systems or when transitioning existing systems or resources to
Compliance Reviews and
Numerous US federal, state, and
international laws create compliance obligations for documentation, retention,
collection of personal information, secure storage and destruction of information, and
the management of corporate
information assets. Some requirements include information governance
and security audits; discovery disclosures and timelines; privacy
policy notifications; international, FTC and HIPAA requirements for
documented and monitored security and privacy programs that ensure that personally identifiable information
about employees, customers, or financial transactions is securely stored,
privacy is monitored, and information is routinely destroyed; and
reporting requirements if security measures are breached.
need to be performed each year to monitor and meet requirements
security, privacy, and retention/disposal programs and need to be an
integral part of developing SLAs for cloud services or outsourced
operations. Legal requirements need to be
reviewed and updated every 1-3 years to ensure compliance with current legal
requirements for the retention, destruction, privacy, and security of
Analysis of existing
systems including documentation, policies/procedures, implementation
practices, and control measures.
Identification of legal
and regulatory requirements as well as industry standards such as PCI that
create compliance requirements for documentation, privacy, security,
and destruction of
including gap analysis, assessment and a straightforward roadmap and work plan to achieve
Denise Simons by:
Phone: (253) 631-1509