Cyber Security Services - Regulatory Compliance

KLC IT Audit / Regulatory Compliance

Our certified IT Auditors help federal and state government agencies and financial and banking institutions perform compliance assessments and address requirements in the following areas:

DIACAP

The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the United States Department of Defense (DoD) process to ensure that risk management is applied to Information Systems (IS). DIACAP defines a DoD-wide formal and standard set of activities, general tasks and a management structure process for the certification and accreditation (C&A) of DoD Information Systems that will maintain the Information Assurance (IA) posture throughout the system's life cycle. KLC has DoDI 8570 certified professionals who perform the Defense Information Assurance Certification & Accreditation Process (DIACAP).

FISMA

NIST 800 Series (800-53, 800-37, 800-34 and more)

The National Institute of Standards and Technology (NIST) is the federal agency that works with industry to develop and apply technologies, measurements, and standards. KLC’s SMEs have worked directly with Federal and Private Institutions to assist with compliance to NIST standards. Our core competencies include experience in:

Privacy Impact Analysis (PIA)

The objective of the Privacy Impact Analysis (PIA) is to determine the scope, justification, and Privacy Act applicability for systems collecting, storing or processing sensitive personal data that may be considered private. Starting with an analysis of current business operations, KLC can assess your privacy impact and help determine the potential damage to your brand and revenue. State and Federal laws set forth steep fines for non-conformance or non-compliance with regulatory privacy laws.

Sarbanes-Oxley (SOX)

KLC has performed Sarbanes-Oxley audits and General Controls testing since the inception of the Sarbanes-Oxley law. We have Big 4 experience across dozens of industries. Our risk-based approach to IT audit and controls testing has been proven effective with some of the largest companies in the world.

Gramm-Leach-Bliley Act (GLBA)

Section 501 of the Gramm-Leach-Bliley Financial Services Modernization Act (GLBA) of 1999 addresses "Protection of Nonpublic Personal Information" and requires financial institutions to implement safeguards for the protection of customer information. KLC has assisted some of the largest financial institutions in the world with the implementation, testing, and maintenance of administrative, technical, and physical safeguards to ensure compliance with the Gramm-Leach-Bliley Act.

Financial Regulations FDIC, OCC, OTS, NCUA, (FFIEC)

KLC has over 10 years' experience working with regulators from the FDIC, OCC, OTS, NCUA, the Federal Reserve, and State examiners. We can represent your company in regulatory audits and examinations and be your central point of contact for all regulatory matters, acting as interim CIO or CISO.

Payment Card Industry (PCI) Security Standard

Does your organization store or process credit cards? We have been assisting companies of all sizes in achieving PCI compliance for over 8 years. We have developed proprietary templates and utilize industry best practices to achieve compliance at minimal cost to our clients.

Health Insurance Privacy and Accountability Act (HIPAA)

KLC has assisted Government institutions and the private healthcare industry in achieving HIPAA compliance by performing detailed analysis of the administrative, technical, and physical safeguards protecting ePHI (electronic protected health information).

Pharmaceutical / FDA (21 CFR Part 11)

Title 21 CFR Part 11 of the Code of Federal Regulations is the Food and Drug Administration (FDA) regulation for electronic records and electronic signatures in the United States. Part 11 Section (a) defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable and equivalent to paper records.

Massachusetts State Data Security Privacy Regulations (201 CMR 17)

Massachusetts and other states require companies to abide by their state privacy regulations if the company maintains access to the data of someone residing in that state.

KLC Consulting