Becoming compliant with state and federal guidelines means assessing your business's risks, having policies and procedures in place, and training your staff on those policies and on federal and state regulations. Review the following items to see where there might be gaps in your compliance program.
Gather Policies and Procedures
- Privacy and security policies, procedures, and forms
- Risk Mitigation/Management policies, procedures, and forms
- Breach notification policy and procedure
- Password policies and workstation security policies
- Disaster recovery and breach policies, procedures, and forms
Review Level of Risk and Related Policies
- Most recent risk analysis
- List of all hardware and software containing PII or PHI
- Breach notification and incident management processes
- List of devices and systems that use encryption, along with the type of encryption
- List of all users and access to systems with PII or PHI
- Facility security plan and office layout
Gather Any Other Compliance Documentation
- Business associate agreements or other vendor contracts
- Employee handbook
- Organizational chart with the Privacy and Security/Compliance Officer's job description and contact information
Gather Training Documentation
- Training system
- Training log
- Employee certifications
VanRein Compliance takes the extra step to ensure the data you work with stays secure. Below are some of the additional options we provide to give you a complete compliance solution.
Data Security Regulations
- GDPR, California Consumer Privacy Act, and New York SHIELD Act compliance information
- Up-to-date information on upcoming trends in data regulations
- Compliance training and documentation for state-level security regulations
Dark Web Monitoring and Cybersecurity Training
- 24/7 monitoring of domain names and employee account information on the Dark Web
- Real-time alerts for compromised credentials
- Email phishing simulations for employees
- Training on cybersecurity awareness and avoiding common cybercrimes
Business Associate Attestations
- Assess your business associates and other vendors with access to PII or PHI for security risks and adherence to data security regulations
- Ensure your vendors are protecting your data and fulfilling their requirements
Customized Training
- Training tailored to the needs of your business
- Industry-specific training
- Compliance quizzes and training logs for your employees