Regulatory Compliance

Compliance refers to adhering to the mandated boundaries (laws and regulations) and voluntary boundaries (company's policies, procedures, etc.).

‍

Stetson works with your organization to identify the requirements to meet compliance with stated policies and/or federal regulatory requirements such as:

- The Health Insurance Portability Act of 1996 HIPAA

- Security & Exchange Commission (SEC) 2023-139 Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies

- Federal Trade Commision's (FTC) Gramm-Leach-Bliley Act (FTC), aka Financial Services Modernization Act of 1999

- IRS Publication 4557 on Safeguarding Taxpayer Data, and/or

‍

New York State regulatory requirements such as:

- New York State Department of Financial Services Cybersecurity Regulation (NYS DFS 23 NYCRR 500), and

- NYS Education Law 2-D Part 121 (Strengthening Data Privacy and Security in NY State Educational Agencies to Protect Personally Identifiable Information).

‍

Industry Mandated Compliance such as:

- Payment Card Industry Security Council (PCI DSS) 2006 set of requirements to ensure all companies that process, store or transmit credit card information maintain a secure environment.

‍

Once identified, we will provide organization-specific recommendations and assist with implementing to achieve compliance.