secpliance is Illumant’s compliance consulting unit focused on regulatory security requirements and security best practices, including risk analysis, policies and procedures, and compliance readiness

Not Sure Where to Start?

The following services address security best-practices, but can also be augmented to provide a gap analysis against various regulations and standards:

    Policies Procedures and Practices Assessment (PPPA) ‐ Ensures that documented IT policies and procedures, and associated practices, are aligned with best-practices and applicable regulatory requirements. The PPPA is a gap analysis and the first place to start towards compliance with best-practices, regulatory requirements, and standards, such as HIPAA, SOC, PCI, CIPv5, NIST, ISO, DFARS, GLBA, SOX, etc. {Read more}

    Risk Assessment (RA) ‐ Combination of qualitative and quantitative analysis to determine the top threats to information security, biggest vulnerabilities, and largest opportunities for risk reduction through cost-benefit analysis {Read more}

 

Featured Compliance Services

PCI-DSS Compliance

Our PCI-C service is a one-stop solution for on-going compliance with PCI-DSS. Illumant determines the applicable PCI-DSS requirements for each client based on transaction volume, credit card handling processes, and partner relationships. We prepare the relevant self-assessment questionnaire (SAQ) and any applicable attestations of compliance (AOCs). We address approved scanning vendor (ASV) requirements, and conduct all internal vulnerability assessments, penetration testing, and quarterly wireless security assessments. Internal assessment are handled remotely via supplied appliance. The PCI-C helps protect cardholder data, and simplifies on-going compliance with all the requirements of PCI. We can also assist with updates to and initial development of security and PCI-related policies and procedures.

HIPAA/HITECH Security Rule Compliance and Security Risk Assessment

Illumant's HIPAA-C service is a straightforward solution for addressing the compliance and security risk analysis requirements of the HIPAA Security Rule and the HITECH Act, and for addressing a core objective of "Meaningful Use". Illumant leverages a refined model for conducting the required HIPAA security risk analysis, and assesses an organization’s safeguards to ascertain compliance with the HIPAA security rule. The assessment includes optional internal and external technical vulnerability analysis, technical and physical penetration testing, and social engineering. Illumant provides practical remediation advice for addressing gaps and shoring up compliance.

SOC (aka SSAE 16/SAS 70/AT 101) Readiness

Our SOC-C services helps service providers obtain their SOC 2/SOC 3 reports (aka SAS 70, SSAE 16, AT 101, WebTrust, or SysTrust). Illumant identifies and helps remediate gaps between an organization’s existing controls, and required attestation standards and applicable trust principles. Illumant helps design and document controls, and tests controls to ensure a successful audit and attestation engagement.

NERC CIPv5 Assessment and Compliance

The CIPv5-C is an assessment of compliance with the latest version of the Critical Infrastructure Protection (CIP) standard published by the North American Electric Reliability Corporation (NERC). Illumant identifies gaps between a client’s security measures and protocols and the requirements of CIPv5. Per request, Illumant will assist with compliance readiness by helping remediate the gaps identified above by documenting policies and procedures, and designing compliant security measures to meet CIP requirements.

Not seeing the specific standards or regulations you need? We have experience with many other regulations and standards. Click here to contact us for more information.

Assessments

Compliance

Security Awareness Training

Other Links

Contact Information

431 Florence Street, Suite 210
Palo Alto California, US
Phone: 650 961 5911
Fax: 650 961 5912
Email: [email protected]

Currently in Palo Alto

2006-2024 © Illumant, LLC. All Rights Reserved.