Cybersecurity and Compliance
Petronella Technology Group, Inc. serves customers across many vertical sectors in both public and private organizations. We understand that every industry and organization can face unique IT challenges. Our expertise enables us to help clients navigate the requirements of their industry, such as HIPAA, Sarbanes-Oxley, and NIST, to find a solution that meets their needs. We will partner with you to design, implement, and support a solution that meets your specific requirements.
We are proficient with regulatory compliance issues such as:
California Consumer Privacy Act of 2018: On June 28, 2018, the California legislature passed AB 375, the California Consumer Privacy Act of 2018, effective January 1, 2020. If the law is not amended before it becomes effective, the California Consumer Privacy Act (AB 375) gives California residents an array of new rights, starting with the right to be informed about what kinds of personal data companies have collected and why it was collected.
GDPR: The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give citizens and residents control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
ISO 27001, ISO 27001:2013, ISO 27002, SOC 1, SOC 2, SOC 2 Type II, SOC 3, HIPAA, HITRUST, GLBA, PCI, FACTA, SOX (Sarbanes-Oxley), FERPA, FDA 21 CFR Part 11 (Electronic Records) & 21 CFR 820 (Quality Systems), NIST SP 800, FedRAMP, COBIT, SSAE 16.
NIST 800-171: National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations", http://dx.doi.org/10.6028/NIST.SP.800-171
HIPAA: The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104-191, 110 Stat. 1936, enacted August 21, 1996) was enacted by the United States Congress and signed by President Bill Clinton in 1996.
GLBA: The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999 (Pub.L. 106-102, 113 Stat. 1338, enacted November 12, 1999), is an act of the 106th United States Congress (1999-2001).
PCI: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.
FACTA: The Fair and Accurate Credit Transactions Act (FACTA) is an amendment to the Fair Credit Reporting Act (FCRA) that was added primarily to protect consumers from identity theft.
SOX: The Sarbanes-Oxley Act of 2002 (Pub.L. 107-204, 116 Stat. 745, enacted July 30, 2002) is also known as the "Public Company Accounting Reform and Investor Protection Act" (in the Senate) and the "Corporate and Auditing Accountability and Responsibility Act" (in the House), and is more commonly called Sarbanes-Oxley, Sarbox or SOX.
FERPA: The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
We can support these with our commitment to process and procedure improvements (ISO 20000, ISO 27001, ISO 27002, etc.).
Our CISSP-certified Security and Compliance team is under the direction of an ISACA-Certified Information Systems Auditor who coordinates and provides security and compliance assessments and consultations. These engagements help you with:
- Knowing a facility’s compliance for administrative, physical, and technical aspects
- Knowing the security of your network, data, and devices
- Avoiding the steep fines associated with non-compliance
- Establishing and maintaining the image of a well-run, compliant facility
Personally identifiable information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another, or to de-anonymize anonymous data, can be considered PII.
If a business or practice uses tablets and smartphones to handle personally identifiable information, our optional patented software and Mobile Device Management Assessment can help protect that data, identify risks, and recommend best practices.