The requirement to comply with government and industry regulations can put significant pressure on an organization; this pressure increases when cross-border issues emerge, and an organization must comply with Canadian and foreign regulations at the same time.
Most organizations understand the “why” of regulatory compliance; DigitalDefence focuses on the “how” – specifically, how to rapidly achieve sustainable compliance in the most cost-effective manner.
DigitalDefence’s Compliance Management service educates employees about regulatory requirements, identifies gaps between current practices and regulated ones, and delivers a remediation plan that prioritizes items and identifies cost and time requirements. Our proprietary methodology is based on a scorecard approach that supports metrics and allows you to measure your progress toward compliance.
DigitalDefence has worked with the following compliance frameworks during previous engagements:
- Canadian Government Security Policy
- Provincial Information and Technology Standards
- Personal Information Protection and Electronic Documents Act, PIPEDA
- ISO 27000 series
- Provincial, municipal standards governing privacy and access to medical information
- PCI Data Security Standard, PCI-DSS
- Service Organization Control, SOC, Report
- Gramm-Leach-Bliley Act, GLBA
- Health Insurance Portability and Accountability Act of 1996, HIPAA / HITECH
- Sarbanes-Oxley Act, SOX
- Control Objectives for Information and Related Technology, COBIT
- North American Electric Reliability Corporation, NERC
- NIST Special Publications 800 series
- SANS Top 20 security controls
Our use of the ISMM methodology enables DigitalDefence auditors and consultants to rapidly adopt and integrate new compliance frameworks into our delivery model.
- A “Quick Start” approach ensures rapid and cost-effective compliance with regulatory requirements; it reduces costs and implementation time, and returns critical personnel to their regular duties
- Access to experienced consultants with current knowledge of regulatory requirements and industry best practices across Canada, the USA, and Europe
- Comprehensive program delivery: customized programs provide services from strategy analysis through to implementation and monitoring
- Raises internal awareness of information security risks