Regulatory Compliance
Compliance refers to adhering to the mandated boundaries (laws and regulations) and voluntary boundaries (company's policies, procedures, etc.).
Stetson works with your organization to identify the requirements to meet compliance with stated policies and/or federal regulatory requirements such as:
- The Health Insurance Portability Act of 1996 (HIPAA)
- Securities & Exchange Commission (SEC) 2023-139 Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies
- Federal Trade Commission's (FTC) Gramm-Leach-Bliley Act, aka Financial Services Modernization Act of 1999
- IRS Publication 4557 on Safeguarding Taxpayer Data, and/or
New York State regulatory requirements such as:
- New York State Department of Financial Services Cybersecurity Regulation (NYS DFS 23 NYCRR 500), and
- NYS Education Law 2-D Part 121 (Strengthening Data Privacy and Security in NY State Educational Agencies to Protect Personally Identifiable Information).
Industry Mandated Compliance such as:
- Payment Card Industry Security Council (PCI DSS) 2006 set of requirements, which ensure that all companies that process, store, or transmit credit card information maintain a secure environment.
Once identified, we will provide organization-specific recommendations and assist with implementing them to achieve compliance.