Compliance and regulatory services

Wherever sensitive corporate or personal information is divulged, stored or distributed, security regulations rightfully abound. Compliance with the complex regulatory requirements enacted by both the public and private sectors is no easy task. While the "why" of most regulations involve privacy issues, the "how" regarding the assessment and implementation of security measures can vary significantly from one industry to the next.

IBM security consultants are specially trained and certified in the regulations that affect your business. Our security consultants will assess your existing security processes and make recommendations to help your organization prepare for, and pass, periodic security audits.

IBM security consultants follow a five-step process to help you meet and exceed regulatory compliance requirements. These five steps include:

1. Assessment
2. Design
3. Deployment
4. Management
5. Education

This methodical approach to information security helps your organization meet the security best practices that keep you in compliance with the regulatory requirements of your industry.

IBM Compliance and Regulatory Services include:

• Sarbanes-Oxley (SOX) Assessment: IBM security consultants analyze your current security state and help to implement solutions that conform with the requirements of Section 404 of the Sarbanes-Oxley Act.
• Health Insurance Portability and Accountability Act (HIPAA) Assessment: IBM security consultants help your healthcare organization meet HIPAA requirements to protect the privacy of patient information, and maintain data integrity for employees, customers and shareholders.
• Payment Card Industry (PCI) Assessment: IBM is one of the only vendors in the world certified to perform all PCI assessment services globally. IBM security consultants can help guide your organization through the entire PCI compliance process.
• California Senate Bill No. 1366 Assessment (NOT included in S1SF extract: IBM security consultants help your organization meet CA Senate Bill No. 1386 requirements to safeguard the confidentiality, integrity and availability of personal information of your customers in California.
• Gramm-Leach Bliley Act (GLBA) Assessment (NOT included in S1SF extract): IBM security consultants help your financial institution achieve security best practices to comply with GLBA.
• Supervisory Control and Data Acquisition (SCADA) Assessment (NOT included in S1SF extract): IBM security consultants with special expertise in SCADA networks assess and analyze the vulnerabilities of your SCADA systems to identify security gaps and work with you to implement any necessary protection solutions.