Our Services
Regulatory Compliance Service Consulting
As an independent auditor, we design our regulatory compliance services to help companies meet federal regulations governing network security and internal controls.
SAS 70
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit or service auditor's examination is widely recognized because it represents that a service organization has been through an in-depth audit of its control activities, which generally include controls over information technology and related processes.
In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on effective internal controls at service organizations.
WIRED Security helps companies manage compliance with this technical auditing standard.
FFIEC
The Federal Financial Institutions Examination Council was established on March 10, 1979, pursuant to title X of the Financial Institutions Regulatory and Interest Rate Control Act of 1978 (FIRA), Public Law 95-630. The Council is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS) and to make recommendations to promote uniformity in the supervision of financial institutions.
We help companies align with the FFIEC Information Technology Examination Handbook and Guidelines.
SB 1386
On September 26th, 2002, the Secretary of State of California chaptered Bill 1386, which states that any business or agency that uses a computer to store confidential personal information about a California resident must immediately notify that individual upon discovering any breach of the computer system on which this information is stored.
Failure to notify the individual(s) could subject the business/agency to civil damages and lawsuits.
The statute became effective July 1, 2003.
While lawsuits can be sufficiently damaging to a company's bottom line and reputation, Wired Security Solutions has been advised that not dealing with the risks associated with SB 1386 could also trigger violations of the Sarbanes-Oxley Act, which has serious consequences for violators.
WSi has built a comprehensive solution to help companies manage compliance with this law.
HIPAA
The HIPAA Security Compliance service focuses on the third and final section of the Health Insurance Portability and Accountability Act of 1996. Finalized and released on February 20, 2003, the security requirements outlined in CFR Parts 160, 162, and 164 describe security controls that must be used by all US-based health care providers.
The final rule becomes enforceable in April of 2005 for large providers, and April of 2006 for smaller health care providers.
Responsibility for compliance with the security rule has been placed upon individual health care providers, who must assert a reasonable 'good faith effort'.
Our security reports are designed to represent a 'good faith effort' in showing compliance. The service was designed in consultation with The Center for Medicaid Services (CMS), the authoritative agency responsible for enforcement of the HIPAA security rule.
Sarbanes-Oxley
The Sarbanes-Oxley Act of 2002 details in sections 302 and 404 that CEOs, CFOs, and independent auditors and committees are required to:
* Certify the accuracy of financial statements and disclosures.
* Indicate in each periodic report whether or not there were significant changes in internal controls or related factors.
* Provide auditor's attestation to, and report on, management's assessment of the internal controls and procedures.
* Report that controls and procedures for financial reporting and disclosure have been evaluated for effectiveness within the past 90 days.
Our services are used in conjunction with a certified public accountancy firm registered to conduct Sarbanes-Oxley internal controls assessment and attest to the effectiveness of an organization's security measures.
GLB
The Gramm-Leach-Bliley Act (GLB), also known as the Financial Services Modernization Act, requires technical and physical safeguards for customer records and information.
These safeguards are to ensure the security and confidentiality of customer records and information, protect against any anticipated threats or hazards to the security or integrity of these records, and protect against unauthorized access to or use of these records or information that would result in substantial harm or inconvenience to a customer.
Our correlation services interpret a company's compliance with section 314.4 of the safeguards rule of the Gramm-Leach-Bliley Act of 1999.
At WIRED Security, Our Customers are Priority One.