IT Consulting Services

Regulatory Compliance Solutions

Some of the main solutions we implement to help our clients achieve regulatory compliance are:

• Network Security Assessment
• Data-Leakage Protection
• Access Control Management
• Security Information and Event Management (SIEM)
• Intrusion Detection/Prevention
• Endpoint Security
• Security Configuration Management

NYS DFS 23 NYCRR 500

As of March 1, 2017, financial services companies are required to comply with rigorous cybersecurity regulations. Organizations that fall under 23 NYCRR 500 must implement a written cybersecurity program, conduct a yearly risk assessment, and apply for certification with New York’s Department of Financial Services. We’ll work with you to develop a roadmap toward successful NYS DFS certification.

HIPAA

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. HIPAA resulted in the development of regulatory standards by the U.S. Department of Health and Human Services aimed at protecting the privacy and security of certain health information. These standards are categorized under the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule protects health information, while the Security Rule is aimed specifically at protecting health information that is electronically stored and/or transferred, also known as electronic protected health information (e-PHI).

We work to ensure that where e-PHI is stored, it is secure and not readily accessible to unauthorized parties. Our solutions are designed to secure sensitive data at each location individually and collectively.

PCI

Any company that processes credit cards in the course of doing business is subject to the Payment Card Industry Data Security Standard (PCI DSS, or PCI for short). Though PCI is not technically a government regulation, the credit card industry can enforce it as if it were. Non-compliant businesses can be fined or, in some cases, prevented from accepting credit card payments altogether.

PCI requirements derive from the PCI Security Standards Council (SSC). The SSC was founded by five major payment brands: American Express, Visa Inc., MasterCard Worldwide, Discover Financial Services, and JCB International. These brands have collaborated on PCI requirements and have collectively agreed to adopt said requirements in their dealings with merchants.

There is no centralized PCI agency that processes merchants’ proof of compliance—rather, merchants must deal directly with the payment brands whose cards they accept. Thus, a merchant that accepts American Express will be responsible for proving its compliance to the PCI division of American Express, not to some mediating PCI body.

In short, PCI standards serve as guidelines to keep merchants from running afoul of the major payment brands’ security requirements.

We’ll help you develop and document:

• Written Information Security Program (WISP)
• IT Policies and Procedures (for users and MIS)
• Incident Response and Recovery Plan
• Cybersecurity Framework
• Strategic IT Plan

We have extensive experience with planning and building datacenters, and we’ve saved our clients a lot of money over the years. We’ll help you answer questions such as:

• Where should my datacenter be located?
• What kind of cabling should I install?
• What kinds of floors and ceilings do I need?
• What environmental controls should I put in place?
• What security controls should I put in place?
• How should my racks be arranged, and how my components can I put in each rack?
• How much power will I need, and what kind of power-delivery system?

Once you’ve reviewed your options and settled on a plan, we’ll help you procure the equipment you need, and our expert engineering team will build your datacenter in the way that causes the least possible disruption for your end users.

We’ll help you answer questions such as:

• Should I use a hosted or an on-premises solution?
• What physical characteristics need to be present at the secondary site in order for it to be effective?
• What type of connectivity do I need to establish between my primary and secondary sites?
• What type of storage will I need to implement?
• What data and applications do I need to protect?
• What is the best way for me to set up DR services for multiple branch offices?
• Where should my secondary site be located?
• Which replication and DR-management software will give me the highest ROI?

Once you’ve reviewed your DR options and selected the one you prefer, we’ll order and test your new hardware, configure your new software, and help your technical team integrate your DR solution with your existing network.

Promenet’s IT road-mapping sessions are team-to-team meetings. Our engineers will work with your technical/managerial staff to identify how IT fits into your organization’s plans for growth. We’ll help you match various technological solutions to your organization’s strategic vision: what do you need from your network today, and what will you need from it in the future?