Policy & Compliance

STIGroup has considerable experience with the major compliance and regulatory standards that mandate technical, physical, and procedural security controls. We successfully take our clients through the entire process of compliance scoping, gap analysis, control implementation, and issue remediation.

Some of the standards and regulations that we regularly deal with include:

  • Payment Card Industry Data Security Standard ("PCI-DSS")
  • Health Insurance Portability and Accountability Act ("HIPAA") / Health Information Technology for Economic and Clinical Health ("HITECH")
  • Federal Information Processing Standard ("FIPS")
  • National Institute of Standards and Technology ("NIST") SP800-53, SP800-82, Framework for Improving Critical Infrastructure Cybersecurity
  • Chemical Facility Anti-Terrorism Standards ("CFATS")
  • North American Electric Reliability Corporation ("NERC")
  • Statement on Auditing Standards No. 70 ("SAS 70") / Statement on Standards for Attestation Engagements No. 16 ("SSAE 16")

STIGroup conducts a review of your business processes and the associated information flows in order to establish the risk to the business represented by current and anticipated threats to the security of your information. Clarifying that risk allows information sensitivity and criticality levels to be defined, which form the basis for developing an effective Information Security Policy. A formal Information Security Policy is then developed that defines the controls, both technical and procedural, that ensure the confidentiality, integrity, availability, and accountability of the information within your organization. These policies are aligned not only with industry best practices in information security, but also with applicable regulations and your corporate priorities.