SeattlePro specializes in cybersecurity risk management, governance and compliance. We offer regulatory compliance consulting services for well-known government regulations and industry standards. Our compliance consulting services cover the following sectors:
We take pride in not applying a cookie cutter approach to each project. We realize that every business is unique and each project is different. We listen to you and work with your staff to use a methodology that’s right for you. Our customized approach ensures we are offering solutions that will fit your needs.
We offer regulatory compliance consulting services for the following standards and regulations.
The NIST standards are offered by the U.S. Department of Commerce. SeattlePro can assist with the implementation of some of the common NIST standards, such as:
These are just a couple of examples. We can also help you with other NIST standards that you may be interested in. Please contact us for more information. We would be glad to answer your questions.
The GDPR applies to organizations that operate within the European Union (EU) and to those outside the EU which offer goods or services to customers or organizations in the EU. If your organization falls into this category and would like to become GDPR-compliant, our experienced consultants are ready to help you. We will guide you through the steps necessary for your organization to become compliant.
SeattlePro can not only point out what is necessary for your organization to become GDPR-compliant, but in most situations we can also implement the necessary security controls for you. Our cybersecurity professionals are highly skilled and many of them have a master’s degree in cybersecurity. All of our cybersecurity consultants and instructors hold multiple security certificates and have years of hands-on experience. Please contact us for more information on how SeattlePro can help you become GDPR-compliant.
HIPAA establishes national standards and regulations that protect the privacy and security of certain health information in the United States. These regulations are based on the HIPAA Privacy Rule and the HIPAA Security Rule published by the U.S. Department of Health and Human Services (HHS). Within HHS, the Office for Civil Rights (OCR) enforces the Privacy and Security Rules through voluntary compliance activities and civil money penalties.
SeattlePro can perform an assessment of your current environment and prepare you for HIPAA compliance. Please contact us for more information on how we can assist you.
The Sarbanes-Oxley Act of 2012 (SOX) is named after its co-sponsors, Senator Paul Sarbanes and Representative Michael Oxley. It is a U.S. federal law that established auditing and financial regulations for public companies. The law is geared towards protecting employees, shareholders, and the general public from corporate fraud.
Interested in SOX compliance? Please contact us to learn about our approach and find out how we can help your organization meet SOX requirements.
The PCI DSS standards are established by the PCI Security Standards Council, which was founded in 2006 by American Express, Discover, JCB International, MasterCard and Visa. These standards help financial institutions and merchants implement secure payment solutions to prevent data breaches and theft of cardholder data. The standards established by the PCI Security Standards Council encompass the following four categories:
If you are a merchant or a service provider who accepts credit card payments, we would love to assist you with your PCI security and compliance needs. Please contact us for more information on how we can help your organization.
The System and Organization Controls (SOC), formerly known as Service Organization Controls, is a suite of service offerings provided by Certified Public Accountants (CPAs) to service organizations, relating to their system-level controls. The American Institute of Certified Public Accountants (AICPA) allows service auditors to issue reports, which are broken down as follows.
Please contact us for more information on SOC compliance.
The International Organization for Standardization (called ISO in the United States) promotes the development of national standards around the world. Together with the International Electrotechnical Commission (IEC), it developed the ISO/IEC 27000 series of guidelines related to information security. These standards are meant to help organizations keep their assets secure. Perhaps the most well-known standards in this family are ISO/IEC 27001:2013 and ISO/IEC 27002:2013.
SeattlePro can help you prepare for ISO/IEC 27001:2013 certification and assist in implementing the best practices and controls specified in detail in ISO/IEC 27002:2013. Please contact us for more information regarding ISO/IEC standards and certification.
The CIS Critical Security Controls can be instrumental in protecting your organization and data from cyberattacks. Both the private and public sectors rely on the basic, foundational, and organizational CIS Critical Security Controls to thwart over 85% of common attacks. These Critical Security Controls are also helpful to organizations interested in regulatory compliance, such as HIPAA, PCI DSS, FISMA, GDPR, ISO/IEC 27002, etc. We can implement these security controls for your organization to enhance your enterprise security posture. Please contact us for more information.
In addition to the above standards and regulations, SeattlePro is well-equipped to offer its consulting and training services to organizations that are interested in any of the following:
Microsoft Office 365 is a cloud-based service that includes many components, such as SharePoint Online for collaboration, Outlook for messaging, Skype for Business for audio and video conferencing, etc. If your organization needs to meet certain government regulations or industry standards (GDPR, SOC 2, HIPAA, CIS Controls, ISO/IEC 27001, etc.) and you are using Office 365, we have the expertise to assist your organization in achieving the necessary compliance. As part of the process, we will also perform a cybersecurity risk assessment of your Office 365 Admin Centers (the backend of Office 365) to ensure your Office 365 tenant is secure, close any potential security holes, and provide a report of the security controls that were implemented. If you have any questions, please do not hesitate to contact us. We will be glad to answer your questions.
As part of our compliance services, we can write the necessary information security policies and procedures for your organization. We will also be glad to review your existing policies and update them, if necessary, to ensure they serve their purpose and meet the standards. Please visit Information Security Policies for more information.