Risk management and compliance.
Navigating data privacy laws and managing privacy risks are essential components of an organization’s compliance and operational activities. Every company collects and handles data related to customers, partners, website visitors, employees or other individuals, as well as proprietary information and trade secrets. In addition, many employees inside the company touch different types of data, ranging from teams handling customer service or “Big Data” analytics or HR functions, through to vendor management, IT/IS and security personnel, and even scientists, engineers and mobile app developers. Further, data is often shared between corporate entities and with third parties such as partners and service providers, and usually across borders. The international and interconnected nature of many IT solutions (e.g., through worldwide shared service centers, outsourced service providers and cloud-based solutions) can further complicate compliance and risk management. Organizations, particularly multinationals or those with global customer bases, must balance the requirements of dozens and sometimes hundreds of international privacy regimes.
The objective of our services is to support the protection of critical infrastructure, assurance of agency information, and operations that protect and defend information and information systems by ensuring confidentiality, integrity, availability, accountability, restoration, authentication, non-repudiation, protection, detection, monitoring, and event react capabilities within your organization. Our comprehensive services include, but are not limited to:
- Exercises and Simulation
- Cyber Security
- Federal Information Security Management Act (FISMA) Implementation Support
- Critical Infrastructure Asset Identification and Configuration Management Databases
- Health Insurance Portability and Accountability Act Implementation Support
- Information Assurance of Critical Infrastructure
- Cryptographic Support and Services
- Risk Management (Vulnerability Assessment and Threat Identification)
- Record Management
- Information Systems Security
- Public Key Infrastructure
- Security Operations Center Development and Operations Management
- Trusted Internet Connections Implementation
- Application Security
- Security Review and Analysis of Automated Information Systems
- Disaster Recovery
- Identity Management and Assurance
- Critical Infrastructure Continuity and Contingency Planning
- Intelligent, Automated Data Collection and Analysis
- Incident Response Planning and Execution
- IT Forensics and eDiscovery
- Training and Awareness Programs
Comprehensive counseling services
We help our clients manage every step in the data life cycle:
- Privacy audits, privacy impact assessments (PIA), and privacy-by-design (PbD) programs
- Privacy risk management for “Big Data” and “People Analytics” engines, Social Media, Internet of Things (IoT) and smart devices, and other emerging, disruptive technologies
- Designing and implementing legal and technical enterprise privacy governance structures
- International data transfers (both intra-group transfers and third-party transfers), including implementation of Safe Harbor, EU model contract clauses, and binding corporate rules (BCR)
- Integration of foreign affiliates into internal data sharing/access schemes, and implementation of data processing through outsourcing by third party service providers (including cloud computing platforms and services)
- Implementation of new software applications to process, for example, employee or customer data (e.g. CRM systems, ERP systems, employee monitoring technologies)
- Designing online privacy policies, terms of service (ToS) and end user licensing agreements (EULA), relating to core privacy and related consumer-protection issues, such as online behavioral advertising (OBA), cookies and similar tracking technologies, commercial email, phone and text advertising campaigns, non-traditional channels (social, viral, media-integration), and e-commerce platforms
- Counseling pursuant to a host of international privacy rules and regulations and related consumer-protection statutes, including but not limited to: EU Data Protection Directive 95/46/EC and its local member-state implementations; (draft) General Data Protection Regulation; Children’s Online Privacy Protection Act (COPPA); Gramm-Leach Bliley Act (GLBA); Fair Credit Reporting Act (FCRA); Family Education Rights Protection Act (FERPA); California Online Privacy Protection Act (CalOPPA); Computer Fraud and Abuse Act (CFAA); Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM); Electronic Communications Privacy Act (ECPA); Federal Trade Commission Guidelines and the FTC Act; Payment Card Industry (PCI) Standards; Student Online Personal Information Protection Act (SOPIPA); Telephone Consumer Protection Act (TCPA); and dozens of other privacy-related rules and regulations
Our security solutions work together from deep within the data center out to the farthest remote devices, and all along the networks within the cloud. As a result, our technology can provide full-spectrum visibility and share context-aware intelligence, enabling you to adapt to ever-changing threats and regulations, while continuously strengthening security across your Agency or organization.
- Network security to protect the ever-shifting perimeter;
- Endpoint Security and encryption to protect data wherever it goes;
- Identity and access management to reduce ambiguity and complexity; and
- Compliance with industry best practices such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework, Health Insurance Portability and Accountability Act (HIPAA), and Health Information Trust Alliance Common Security Framework (HITRUST CSF).