Compliance Regulations

Sarbanes-Oxley Section 404
The Sarbanes-Oxley (SOX) Act of 2002 requires Securities and Exchange Commission (SEC) registrants to establish and maintain an effective internal control structure over operations and finance, prepare a management report on the effectiveness of those controls, and obtain an attestation from an external auditor regarding the controls' effectiveness.

Gramm-Leach-Bliley Act (GLBA)
GLBA requires all defined financial institutions to:

  • assess the environmental risks of unauthorized exposure of customers' confidential information,
  • develop controls to mitigate the risks identified, and
  • regularly update the risk assessment and controls.

OurTech’s Baseline Assessment can help organizations assess risk, develop appropriate controls to secure customer information, and test compliance.

A properly performed Baseline Assessment can help meet these requirements by providing a third-party, independent assessment of an institution's progress towards GLBA compliance and the security of its financial information. In addition to the assessment, OurTech can provide clients with recommendations for aligning their security program with compliance requirements. OurTech also provides assistance with the implementation of administrative and technical recommendations.

Health Insurance Portability and Accountability Act (HIPAA)
Organizations that process and/or maintain healthcare-related information are mandated by the Health Insurance Portability and Accountability Act (HIPAA) to demonstrate security compliance for electronic protected health information (ePHI). OurTech’s Baseline Assessment (BA) helps healthcare organizations understand and meet the requirements, better managing risks in order to guard data integrity, confidentiality and availability.

Our HIPAA BA service assists organizations in determining their current security posture as well as developing a mitigation strategy to prevent the exposure of health information and ensure HIPAA security compliance. Risk assessment is a mandatory requirement of the HIPAA Security Rule.

Upon completion of the HIPAA assessment, we provide clients with a comprehensive report on their systems for processing, storage, and transport of electronic protected health information (ePHI).

Fair Credit Reporting Act (FCRA)
The U.S. Fair Credit Reporting Act (updated May 2004) seeks to achieve private, fair, timely and accurate reporting of credit information by regulating the activities of credit bureaus and their reporting members, limiting access to individual credit information, and requiring creditors to disclose certain information regarding their use of credit bureau or third-party information.

The issues surrounding compliance with the FCRA have become more complex over the last few years. Laws and regulations governing privacy, identity theft, homeland security, use of Social Security numbers, the growth and sophistication of hackers, and other information and privacy topics are being debated and adopted at both the federal and state levels. All of these public and private efforts to address emerging technology challenges have an impact on lenders and other entities that provide information to credit reporting agencies.

In July 2003, California became the first state to enact an “Information Breach” law. This state legislation addresses any organization which gathers and stores non-public data concerning California residents. The law is broad in its definition of which companies and data are affected, and specific about the remedies required.

State Legislation
SB 1386 requires any breach not identified as part of an ongoing criminal investigation to be reported to the individuals who may be harmed as well as to general media outlets. In addition, the law provides up to $250,000 in fines and limited jail time for corporate officers who fail to comply, as well as specific civil remedies for individuals.

Since enactment of California’s law regarding notification of information security breaches, thirty-five other states have enacted similar laws requiring breach notification, with fines and penalties, and legislation is still pending in many other states.

While these laws provide additional layers of protection for consumers, they also add significant additional liabilities for organizations, which must protect confidential data and comply with notification laws. The best way to ensure you are in compliance with state and federal laws is to have a well-defined compliance strategy.

Nebraska – L.B. 876, passed in 2006. Now cited as Neb. Rev. Stat. 87-801 et seq. Requires notice to consumers of a breach in the security of unencrypted, computerized personal information if an investigation determines that use of the information has occurred or is reasonably likely to occur.

ourtechsolutions.com © 2007 :: Privacy Policy :: Contacts & Support