Haystack Associates, Inc. About Haystack

Our audit and compliance services include:

  • Review, audit, gap analysis and assessment, and compliance audit reports of information systems for governance, security, privacy, controls and monitoring, and retention/destruction programs.

  • Review of existing policies and procedures.

  • Development of documented programs, policies, and procedures for the retention, disposition, security and privacy of corporate information.

  • Audit, review, analysis, recommendations and dashboards for GRC, PCI, HIPAA, HITECH, and COBIT compliance programs.

  • Assistance with development of governance programs, litigation hold procedures, compliance measures and controls, and reporting.

  • Compliance guidance, risk assessment, control measures, and processes needed in new systems or when transitioning existing systems or resources to Cloud services.

Compliance Reviews and Audits
Numerous US federal, state, and international laws create compliance obligations for documentation, retention, collection of personal information, secure storage and destruction of information, and the management of corporate information assets. Some requirements include information governance and security audits; discovery disclosures and timelines; privacy policy notifications; international, FTC and HIPAA requirements for documented and monitored security and privacy programs that ensure personally identifiable information about employees, customers, or financial transactions is securely stored, privacy is monitored, and information is routinely destroyed; and reporting requirements if security measures are breached.

Compliance/performance audits need to be performed each year to monitor and meet requirements for existing security, privacy, and retention/disposal programs, and need to be an integral part of developing SLAs for Cloud services or outsourced operations. Legal requirements need to be reviewed and updated every 1-3 years to ensure compliance with current legal requirements for the retention, destruction, privacy, and security of information. Our reviews include:

  • Analysis of existing systems including documentation, policies/procedures, implementation practices, and control measures.

  • Identification of legal and regulatory requirements as well as industry standards such as PCI that create compliance requirements for documentation, privacy, security, storage, retention, and destruction of information.

  • Audit report including gap analysis, assessment, and a straightforward roadmap and work plan to achieve compliance.

For more information please contact
Denise Simons by:
E-mail: dsimons@haystackassociates.com
Phone:  (253) 631-1509

Copyright ©2000 - 2018 Haystack Associates, Inc. All Rights Reserved