Security Compliance Services

End-to-end implementation services across various standards and frameworks to aid in certification success

Intuitive’s Security Compliance Services are built on time-tested and efficient methodologies to ensure success. Our managed services approach suits companies that want to meet certification requirements but do not necessarily want to recruit internal staff or invest significantly in risk mitigation, or that could simply use an experienced partner to meet the requirement.

Our certified team has extensive frontline security experience with clients across various industry segments.

Additionally, we can program-manage the entire effort for the organisation and ensure success.

HITRUST

The Health Information Trust Alliance (HITRUST) CSF is a certifiable framework designed to give organizations that work with health data a comprehensive and streamlined approach to regulatory compliance, privacy and risk management. The HITRUST CSF thus aids in safeguarding electronic protected health information (ePHI) and other critical information, and helps organizations streamline their security and compliance requirements.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA), passed by the US House of Representatives, defines how electronic protected health information (ePHI) must be managed and secured. Whether you are a Covered Entity (CE) or a Business Associate (BA), there are policies, procedures and processes you need to comply with. As data breaches and regulatory oversight of health-related companies increase, maintaining HIPAA compliance is the absolute minimum standard companies should adhere to.

SOC 2

SOC 2, or “System and Organization Controls 2”, is quickly becoming one of the most sought-after compliance standards in North America. The SOC 2 framework is an auditing procedure that ensures your service providers securely manage data to protect the interests of your organization and the privacy of its clients, based on five principles: Security, Availability, Processing Integrity, Confidentiality and Privacy.

NIST CSF

The NIST Cybersecurity Framework is a voluntary framework that consists of customizable standards, guidelines and best practices to manage cybersecurity-related risk.

The stated purpose of the NIST CSF is “Improving Critical Infrastructure Cybersecurity.”

The Cybersecurity Framework’s prioritized, flexible and cost-effective approach helps promote the protection and resilience of critical infrastructure.

ISO 27001

ISO 27001 is a popular and well-accepted security standard and certification for implementing and demonstrating an organization’s security posture. The objective of the standard is to “provide requirements for establishing, implementing, maintaining and continuously improving an Information Security Management System (ISMS)”. Independent certification to the standard is recognized around the world as an indication that your organization is aligned with information security best practices.

GDPR

A breach of the GDPR requirements can result in fines and compliance mandates that significantly impact your ability to operate your business. If your business collects and/or stores data from citizens or residents of Europe, you will be affected by the provisions of GDPR. Complying with GDPR takes more than adding a banner to your website making visitors aware of its cookies.

European citizens have the right to request their personal data in an easily readable format that provides the relevant information on the data being processed, the purpose of the processing, and whether it was sent to a third party.

PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is an information security standard for organizations that handle and process credit card transactions. It is presided over by all the major credit card providers, including American Express, Visa, Mastercard, Discover and JCB. Like the healthcare industry, the payment card industry retains and processes billions of sensitive records annually, making organizational security paramount.

PCI DSS ensures that controls are in place to limit access to cardholder data, protect the confidentiality of transactions, and continuously protect organizations’ security posture through mandatory testing and scanning by certified PCI ASV testers.