Compliance Consulting

HIPAA, HITRUST, NIST, PCI DSS, GDPR

The Scarlett Group's Consulting Team is led by ISACA-certified auditors.

Our consultants will help you achieve compliance. Our team reviews your organization's existing safeguards to identify where your information security program must be strengthened to meet the administrative, physical and technical safeguard requirements, the organizational requirements, and the breach notification obligations that apply to you.

HIPAA/HITECH 

The Health Insurance Portability and Accountability Act (HIPAA) and the subsequent Health Information Technology for Economic and Clinical Health (HITECH) Act define the policies, procedures and processes required to secure electronic protected health information (ePHI). As regulatory oversight of HIPAA increases, being able to demonstrate compliance is more valuable than ever.

HITRUST 

The HITRUST Common Security Framework (CSF) is a comprehensive, certifiable security framework used by healthcare organizations to manage regulatory compliance and risk efficiently. Our HITRUST Authorized External Assessor partner, a CPA firm, can guide your organization to HITRUST certification.

HITRUST unifies recognized standards and regulatory requirements from ISO, NIST, HIPAA/HITECH, PCI DSS and COBIT. There are several paths to HITRUST compliance, including a Self-Assessment, a Validated Assessment (with or without certification), and SOC 2 + HITRUST.

NIST 

NIST Special Publication 800-171, from the National Institute of Standards and Technology (NIST), defines the security requirements that non-federal contractors and subcontractors must meet when they handle, transmit or store controlled unclassified information (CUI); meeting them is a condition of being awarded and keeping federal government contracts.

Our readiness consultants will guide your organization through the self-assessment process defined by NIST. The NIST cybersecurity standards are also widely adopted as good practice by organizations outside the mandate; if NIST is the benchmark your organization wants to measure itself against, we can help.

PCI DSS 

The Payment Card Industry Data Security Standard (PCI DSS) applies to organizations of any size that store, process or transmit cardholder data. Compliance means adhering to a set of policies and procedures designed to protect card transactions and prevent the misuse of cardholder data.

There are four merchant levels of PCI DSS compliance, determined by the number of card transactions your organization processes over a 12-month period; the level determines whether a Self-Assessment Questionnaire (SAQ) or a Report on Compliance (ROC) by a Qualified Security Assessor is required. Our readiness consultants will help your organization understand its obligations and prepare for its attestation of compliance.

GDPR 

The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that governs the processing of individuals' personal data. Our consultants will assess your organization's exposure under this regulation and, where necessary, deliver recommendations for becoming compliant.

GDPR applies to any business, wherever it is established, that processes the personal data of individuals in the EU; it protects data subjects by their location, not their citizenship. Where consent is the lawful basis for processing, it must be freely given, specific, informed and unambiguous, requested in clear and plain language with a stated purpose, and as easy to withdraw as it was to give. Because of the complexity of this regulation, working with a third party on compliance is a best practice.