Compliance Frameworks Expertise
We help you comply with any framework
Concord Compliance has the experience and expertise to help organizations with a variety of compliance frameworks.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that imposes stringent protocols on how patient medical information – also known as protected health information (PHI) – is stored, accessed, and transmitted. HIPAA consists of four key components that make it important both for patients and for any entity that maintains, accesses, or transmits PHI.
Due to the increasingly frequent and complex cyberattacks against the Defense Industrial Base (DIB), the collection of organizations the Department of Defense relies on, the Cybersecurity Maturity Model Certification (CMMC) program was developed to raise cyber protection standards for companies in the DIB. CMMC compliance consists of three key requirements, with the ultimate goal of protecting sensitive unclassified information.
The General Data Protection Regulation (GDPR) is a privacy and security law drafted and passed by the European Union (EU) in May 2018. GDPR is one of the most stringent privacy and security laws in the world, targeting any organization that collects data associated with EU citizens. Violations of GDPR can result in fines up to 20 million euros or 4% of global revenue. Any organization that stores or processes personal information about EU citizens must comply with the GDPR.
ISO/IEC 27000 is a widely known international family of standards that sets out requirements for information security management systems (ISMS). These standards are jointly published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Once an organization achieves ISO/IEC certification, scheduled surveillance audits are required to take place.
The Payment Card Industry Data Security Standard (PCI DSS) is a credit card processing standard established by the major credit card brands to promote safe transaction processing practices for merchants. PCI DSS fines can reach $500,000 per incident for security breaches that occur while a merchant is not compliant. PCI DSS has 12 requirements that companies must follow to maintain compliance.
The California Consumer Privacy Act (CCPA) gives consumers in California additional rights and protections regarding how businesses may use gathered data and personal information. The CCPA imposes many obligations on businesses that are similar to those required by the EU's General Data Protection Regulation (GDPR). Failure to comply with the CCPA may result in a fine of up to $7,500 for each intentional violation and $2,500 for each unintentional violation.
The Sarbanes-Oxley Act (SOX) was passed by Congress in 2002 to protect investors by requiring corporations to undergo an annual audit in which they are obligated to provide accurate financial records prepared pursuant to the securities laws.
Failure to comply with SOX can result in civil and criminal penalties, including fines of up to $5 million and up to a 20-year prison term.