Nearly all types of businesses today must operate in compliance with governmental regulations of some sort. Some are industry-specific – The Department of Transportation (DOT) has its own compliance requirements for the trucking industry, but those regulations are of little concern to an accountant, doctor, or attorney. The areas of assessments and compliance that effect almost every industry are those dealing with the protections for customer data, what they call Personally Identifiable Information (PII) or Non-public Personal Information (NPPI).
No matter the size of a company or its industry, compliance with governmental regulations is crucial, and there is a wide range, from Cybersecurity, which is usually overseen by the company’s IT Support entity, whether internal or outsourced, to compliance with the guidelines of the Equal Employment Opportunity Commission (EEOC) or the Occupational Safety and Health Administration (OSHA). The ‘forest’ of Government Regulatory Acronyms is dense, deep, dark, and treacherous.
An assessment by a qualified expert in the compliance requirements governing your industry is critical. It will tell you in no uncertain terms where you are compliant and where you are not. This is not a risk assessment; it is purely a listing of where you are lacking. Sometimes, several assessments are needed. If your company manufactures and ships product in your own trucks, these two facets of your operation will have two different sets of governmental compliance requirements from different agencies – and that is before you go into the office to assess your Cybersecurity system.
Not adhering to the regulations that apply to you and your business can put you at risk to massive government penalties and even closure, to consumer lawsuits. Any company of a decent size, for example, at least 100 employees should have a Compliance Officer, but many Small and Mid-size Businesses (SMBs) – from 1 to 100 employees tend to navigate their compliance requirements as best they can, which is all too often not good enough.
We strongly advise all businesses pay close attention to all government regulations to ensure continuing compliance, but as a Managed IT Services firm, we at IT Support LA take care to make sure that our clients are compliant with all IT related regulations. The garden variety of IT services ‘Guys’ who provide IT support under the outdated model of Time & Materials - what the industry calls ‘Break & Fix’ (B&F) will rarely if ever see to these compliances. They just wait for something on the network to break and they come out to fix it, and that’s the extent of their involvement with the client.
Any reputable member of the IT Support Los Angeles Community should be able to name all government regulations and compliances that involve Data Breaches, Data Theft and any other cyber-attacks in a heartbeat. A Break and Fix IT Guy would have to look them up – if he is willing to that – typically the response would be: “I just fix the computers – all that other stuff is your problem.”
The sector of the IT Support and Services industry that safeguards against violations and non-compliance is Cybersecurity. The main thrust of government laws and regulations are to protect consumer information and their rights to keep their data private, and this landscape of acronyms changes constantly. It is the job of the Managed Services Provider to keep abreast of these changes and ensure client compliance at every turn.
IT Support LA takes care of this for you:
We have never had a client who was forced to pay a penalty for any non-compliance issues.
Your Free Network Security Assessment is waiting for you, with NO obligation to ever use our full Managed IT Services. There are no strings, and the comprehensive report we produce is yours to keep. Either fill in the form on this page or call us at:
818-805-0909
Assessments and Compliance Q & A
Q: What is PCI compliance?
A: This is the area that governs The Payment Card Industry (PCI). The Payment Card Industry Data Security Standard (PCI DSS) sets the regulations involved in a company processing, storing, and transmitting credit card information. Read more HERE.
Q: What is HIPAA compliance?
A: HIPAA (Health Insurance Portability and Accountability Act) is the main set of government regulations concerning the healthcare industry which sets the standards for the lawful use of patients’ Protected Health Information (PHI), such as medical histories. Read more HERE.
Q: What is a compliance officer?
A: A company’s Compliance Officer makes sure that the business is in full compliance with all regulatory and legal requirements. The CO also ensures that all internal bylaws and policies are followed. Investopedia offers a detailed description of a CO’s duties detailed description of a CO’s duties.
Q: What is GDPR compliance?
A: The General Data Protection Act governs the personal private data of citizens of the European Union (EU) for transactions that take place within the EU. Any business, regardless of where it is located, that does business in the EU must be compliant with the GDPR regulations.
Q: What is SOX compliance?
A: SOX, or the Sarbanes-Oxley Act of 2002, is a complex set of laws and regulations which govern the internal controls that affect financial reporting and Cybersecurity in publicly traded companies. After the catastrophic ‘Dot Com Bubble’ Bursting of 2,000 companies who used fraudulent reporting practices were indicted – companies like Enron, Tyco, and WorldCom (which went out of business as a result).
Q: What is 508 compliance?
A: This refers to Section 508 of the US Rehabilitation Act of 1973 which was created as a protection discrimination based on disabilities. Section 508 was added to reinforce and add enforcement capabilities to the original Act.
Q: What is SOC 2 compliance?
A: SOC 2 compliance requirements are set by the American Institute of Certified Public Accountants’ (AICPA) Trust Services Criteria (TSC). The assessment process ensures that the Managed IT Services provider or internal IT services department or person securely manages a company’s data in order to adequately protect the privacy of its clients.
