Compliance - Plans and Policies
Businesses that collect or license customer data are mandated to prepare and implement a Written Information Security Plan (WISP). States have similar mandates to protect the data of their citizens. In addition, depending on the nature of the business, compliance with other regulations (HIPAA, Gramm-Leach-Bliley Act) or industry standards (PCI-DSS) is also mandatory.

Cybersecurity Compliance

Mature organizations have well-defined cybersecurity plans and policies that are established and practiced in their operations. Adaptive organizations review and adjust these plans and policies at regular intervals as their risk factors change. We will help your organization develop a cybersecurity program to comply with mandates and best practices.

We will work with your organization to review your current plans and policies and help you write or update them to reflect organizational changes, changes in regulations, and changes in the threat landscape.

NIST CSF Core Functions

Standards for the Protection of Personal Information of MA Residents 201 CMR 17.00

This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met by persons who own or license personal information about a resident of the Commonwealth of Massachusetts. This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.

Every person who owns or licenses personal information about a resident of the Commonwealth shall be in full compliance with 201 CMR 17.00. A civil penalty of $5,000 USD may be levied for each violation of M.G.L. 93H, 201 CMR 17.00. In addition, under the portion of M.G.L. 93I concerning data disposal, businesses can be subject to a fine of up to $50,000 for each instance of improper disposal.

Website Vulnerability Assessment and Remediation

Year after year, studies have found that more than 70% of web sites can be hacked. Studies have also found that 56% of breaches took months or longer to discover. That means that if your web site is being hacked right now and data is being compromised, you don't know about it. Businesses cannot afford to compromise data, customer information or employee data, or to be out of regulatory or industry compliance. The challenges of protecting the web site and the data are daunting, and yet the solutions are simple and known.

We will review your web site and web server configurations for vulnerabilities and work with your team to resolve them to meet industry standards like OWASP Top 10, PCI, and others that apply to your industry.
