One Industry or Many
ITPG has consultants and certified PCI QSA assessors and auditors that specialize in industry-specific policies, procedures, and security controls that allow us to simplify processes, reduce costs and enhance security in those areas that matter most.
Healthcare: HIPAA, MU (Meaningful Use). Organizations that store, process, or transmit electronic protected healthcare information (ePHI) must be HIPAA compliant. Meaningful Use attestation requires HIPAA compliance as part of an organization’s Book of Evidence submittal. ITPG’s strongest vertical is healthcare, including Accountable Care Organizations, Covered Entities, Ambulatory Groups, Revenue Cycle Management, and Healthcare IT service providers.
Retail: PCI DSS. Merchants and/or Service Providers require annual PCI DSS compliance and attestation with various PCI security tasks, operations, and reporting required to maintain compliance. ITPG helps organizations customize and implement a PCI “Compliance-as-a-Service” solution to ensure compliance is maintained.
Federal Contractors: NIST SP-800-171. With a Dec 2017 compliance deadline, US government contractors that store, process, or transmit unclassified controlled information (CUI), must comply with NIST SP-800-171. ITPG helps organizations with 171 gap analyses, gap remediation assistance, and Report on Compliance (ROC).
Banking: FFIEC, PCI DSS. FFIEC inherent risk profile & cyber security maturity must be adhered to along with PCI DSS for Issuing banks and federal credit unions. ITPG has worked with financial service companies to streamline internal work-flows that access systems, applications, and regulated data.
Financial Services: FINRA, SEC/OCIE, AML. Financial services and hedge fund firms must comply with various financial compliance mandates. ITPG has worked with both wealth management and hedge fund firms to implement proper cyber security and compliance programs.
Government: FISMA 2014. Updates to the new FISMA law require updates and enhancements to pre-existing System Security Plans. ITPG has hands-on system integration and FISMA security control implementation experience, including on-going IT support.
Airports: PCI DSS. PCI DSS compliance for international airports is complex given the dual Merchant & multi-tenant Service Provider requirements that many operate under. ITPG understands these complexities from working with MSP, MCO, and other airport authorities.
Higher Education – FERPA, HIPAA, FISMA, PCI DSS, NIST SP 800-171. Colleges and universities harbor unique regulatory compliance requirements including private data (Personally Identifiable Information), grades and transcripts under FERPA law, protected healthcare information (ePHI) of students for infirmaries, nursing, and medical teaching schools under HIPAA law, and potentially PCI DSS card holder data (bookstores, cafeterias, vendors/merchants, etc.). Some colleges and universities that perform research and development for the US Federal Government are required to maintain FISMA compliance in some capacities. If they contract with the federal government, colleges and universities may also be subject to NIST SP 800-171 regulations to protect Controlled Unclassified Information (CUI).