Assessments
CyberGuard Advantage, LLC provides Assessment Services, including PCI Assessments, IT Security Readiness Assessments, HIPAA Privacy and Security Assessments, IT Risk Assessments, and Privacy Assessments.
PCI Assessments
The Payment Card Industry (PCI) security standards are endorsed by the founding major credit card companies. PCI SSC includes over 600 participating organizations ranging from banks, vendors, merchants, and processors located all across the world.
CyberGuard Advantage's experienced team of Qualified Security Assessors (QSAs) and PCI experts leverage the most advanced compliance tools and lead the industry in PCI Compliance practices to provide a comprehensive suite of PCI Compliance services for our Clients. CyberGuard Advantage, LLC is approved as a Qualified Security Assessor and is listed on the official PCI SSC website as servicing the US.
Whether your organization is a large enterprise, service provider, or merchant, CyberGuard Advantage offers a comprehensive suite of services to help you achieve and maintain PCI Compliance.
IT Risk Assessments
CyberGuard Compliance’s team of security professionals have years of experience, leverage the most advanced security tools, and lead the industry in security practices to provide a comprehensive set of IT Risk Assessments. Our professionals take time and care in preparing our reports. We screen out false positives to allow our clients to focus on the true vulnerabilities and risks posed to their systems.
IT Security Readiness
CyberGuard Advantage performs a very detailed Readiness Assessment to provide you with a Gap Matrix on what would pass right away, and what would fail. We list the failed controls in priority order and provide a detailed action plan which will allow you to remediate the gaps. We will do a complete Audit Readiness walkthrough of all controls, and provide details on what needs to be done for your company to pass every test associated with the Audit.
HIPAA/HITECH Privacy & Security
CyberGuard Advantage has assisted many clients with their efforts to achieve compliance with the Health Insurance Portability and Accountability Act (HIPAA), Omnibus Rule, and subsequent Health Information Technology for Economic and Clinical Health (HITECH) Act. These regulations place an emphasis on the protection of healthcare data against unauthorized uses and disclosures, while ensuring that individuals have access to their information. Achieving HIPAA compliance strikes that balance by providing essential elements of privacy, confidentiality, integrity and availability through its Privacy and Security Rules.
The Rules include required policies, procedures, and processes for Covered Entities and their business associates that store, process, or transmit electronic Protected Health Information (ePHI). IT vendors, data analytics companies, and other service providers are increasingly being asked to demonstrate that they comply with HIPAA for Business Associate Agreements. CyberGuard Advantage, with its dedicated team of health IT professionals, can help you provide assurance to your customers that their ePHI is secured.
Privacy Assessments
Consumer data privacy protection laws such as GDPR and CCPA/CPRA have led the way to require that organizations provide individuals with control over their personally identifiable information (PII). Many other states are now following suit, making data privacy a top priority for companies who collect, store, process, and transmit PII. CyberGuard Advantage performs data privacy assessments to ensure that your organization not only meets the regulatory requirements but also assists you in gaining trust from your business partners and customers that their data is protected. Our team of privacy professionals will help you to provide clarity and transparency to how your privacy program, privacy statements, policies, and processes meet the compliance requirements for GDPR, CCPA/CPRA, and many emerging state privacy laws.
General Data Protection Regulation (GDPR)
In 2016, the European Union (EU) passed the General Data Protection Regulation (GDPR), and as of May 25, 2018, all organizations were required to be compliant. The GDPR imposes data privacy and security obligations onto organizations anywhere, even if they are not located in the EU, as long as they process the personal data of EU citizens or residents, or offer goods or services to such people. Considered the toughest data privacy and security law in the world, GDPR has become the “gold standard” by which other countries have begun to model their data privacy and security consumer protection laws. Penalties can be levied upon organizations who violate GDPR standards and can reach upwards of tens of millions of euros in some cases.
The GDPR sets a baseline for data privacy and security consumer protection, which includes an individual’s right to have data processed according to the following key principles:
- Lawfulness, fairness, and transparency: Data Processing must be lawful, fair, and transparent to the data subject.
- Purpose limitation: Organizations must process data for the legitimate purposes specified explicitly to the data subject when it is collected.
- Data minimization: Organizations should collect and process only as much data as is necessary for the purposes specified.
- Accuracy: Organizations must keep personal data accurate and up to date.
- Storage limitation: Organizations may only store personally identifying data for as long as necessary for the specified purpose.
- Integrity and confidentiality: Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g., by using encryption).
- Accountability: The data protection officer is responsible for being able to demonstrate GDPR compliance with all these principles.
California Consumer Privacy Act (CCPA)
On January 1, 2020, the California Consumer Privacy Act (CCPA) went into effect and is considered one of the strictest privacy laws in the United States. CCPA impacts corporate privacy initiatives across all sectors of the technology, media, entertainment, and telecommunications industries, as well as others who may collect and use consumer data for internal and external purposes.
The California Privacy Rights Act (CPRA), a ballot initiative that amends the CCPA and includes additional privacy protections for consumers, passed in November 2020, and its provisions entered into force as of January 2023, with a look-back to January 2022.
The laws give Californians the following rights:
- Know what personal information is being collected about them.
- Know whether their personal information is sold or disclosed and to whom.
- Opt out of the sale of their personal information.
- Access their personal information.
- Equal service and price, even if they exercise their privacy rights.
The CCPA/CPRA applies to for-profit businesses that collect and control California residents' personal information, do business in the state of California, and meet at least one of the following thresholds:
- Annual gross revenues larger than $25 million;
- Receive or disclose the personal information of 50,000 or more California residents, households, or devices each year; or
- Make 50 percent or greater annual revenue from selling California residents' personal information.