StackOverdrive’s Compliance experts can help your organization manage IT Risk by meeting the guidelines and regulations required to become SOX, HIPAA, or PCI compliant.
Achieving and maintaining compliance with the Sarbanes-Oxley Act (SOX) can be a difficult and time-consuming process.
What is the Sarbanes-Oxley Act (SOX)?
SOX was designed with the goal of implementing accounting and disclosure requirements that increase transparency in corporate governance and financial reporting and formalize a system of internal checks and balances.
Does my company have to comply with the Sarbanes-Oxley Act (SOX)?
If you are a publicly held American company, an international company that has registered equity or debt securities with the U.S. Securities and Exchange Commission (SEC), or an accounting firm or other third party that provides financial services to either of the above, then you must be SOX compliant.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA), is a series of regulatory standards that outline the lawful use and disclosure of protected health information (PHI). HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).
Does my company have to comply with HIPAA?
According to HIPAA regulations, if your organization falls into one of the following organizational types, you must be HIPAA compliant.
Covered Entities
HIPAA regulations define a covered entity as any organization that collects, creates, or transmits protected health information (PHI) electronically.
Health care organizations that are considered covered entities include:
Business Associates
HIPAA regulations define a business associate as any organization that encounters protected health information (PHI) in any way over the course of work that it has been contracted to perform on behalf of a covered entity.
Common examples of business associates affected by HIPAA rules include:
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
Does my company have to be PCI compliant?
Any company or organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data must be PCI compliant.
All merchants fall into one of four levels based on their Visa transaction volume over a 12-month period and must meet the requirements for that level.