
Compliance:
FISMA and FedRAMP Compliance
At CCG, our experts are well versed in every detail of the Federal Information Security Management Act of 2002 (FISMA) and the Federal Risk and Authorization Management Program (FedRAMP). Achieving compliance with these mandates can be time-consuming and overwhelming, and failure to comply can result in loss of funding or an inability to do business with the Federal Government. Through our experience in the Federal Government, we understand the importance of achieving FISMA and FedRAMP compliance and will assist you in finding the best automated solutions for doing so.
SOX Compliance
CCG's experience in ensuring compliance for financial services organizations extends to a detailed understanding of the Sarbanes-Oxley Act of 2002 (SOX). This far-reaching legislation set new standards for U.S. public company boards, management and accounting firms, with the aim of protecting the public and shareholders from the kinds of accounting errors, fraud and scandal seen at several high-profile companies (Enron, Adelphia) that cost investors billions of dollars. SOX is enforced by the Securities and Exchange Commission (SEC), which determines how and when its requirements must be met.
SOX touches all aspects of financial reporting at public companies. Section 404 addresses internal controls: it requires management to assess and report on the company's internal controls over financial reporting, and calls for detailed documentation and independent auditing of those controls. Section 404 has been particularly challenging for smaller companies.
GLBA compliance
The Gramm-Leach-Bliley Act (GLBA) was enacted in 1999, signed into law by President Bill Clinton, and repealed sections of the Glass-Steagall Act of 1933 that had prohibited a single institution from acting as any combination of investment bank, commercial bank and insurance company. The legislation was designed to significantly expand the powers of financial institutions by allowing the formation of new financial holding companies; in exchange, it imposed privacy requirements on how those institutions may share and sell customers' nonpublic personal financial information. GLBA also codifies protections against obtaining such information through false pretenses (pretexting).
GLBA imposes three requirements for protecting individuals' personal financial data. First, banks, insurance companies and brokerage firms must securely store the personal financial data they hold. Second, they must disclose their policies and practices for sharing that personal information. Third, they must give customers the option of opting out of having their personal information shared with nonaffiliated third parties.
There are key issues and difficulties in achieving GLBA compliance and at CCG we have the knowledge and experience to help you form a plan of action and construct solutions when it comes to vulnerability assessment and management.
FFIEC Compliance
CCG has an in-depth understanding of the Federal Financial Institutions Examination Council (FFIEC) guidance, which prescribes a framework and risk assessment process for identifying and authenticating bank customers, stresses the importance of risk mitigation strategies for authenticating customers who access their information online, and highlights the need for multi-factor authentication.
The FFIEC risk assessment focuses on three main areas: identifying online customer transactions and access points; identifying and evaluating risk mitigation and authentication strategies; and assessing the effectiveness of those strategies across a variety of transaction types.
CCG can help you gain compliance and adhere to the FFIEC framework within your organization.