Regulatory Compliance Solutions

Managing an information security program and assuring it’s compliant is no easy task

Pondurance provides information security consulting and regulatory compliance services to assist clients in implementing and managing an information security program in order to achieve compliance with regulatory requirements. We also provide project remediation services to assist non-compliant organizations in developing cost-effective compliance solutions and compliance management programs, to ensure our clients maintain regulatory compliance.

Pondurance will perform a thorough assessment of the client’s policies, procedures and technologies to secure their IT environment and meet compliance requirements such as PCI DSS, HIPAA Security, ISO 27001 and NERC-CIP. We also perform a risk assessment of any non-compliant findings in order to help prioritize remediation efforts and develop cost-effective solutions to complex compliance issues. Finally, our focus is for our clients to achieve compliance, as well as to secure their IT environments from possible attacks and data breaches.

PCI DSS: Pondurance is a PCI Security Standards Council (PCI SSC) Qualified Security Assessor Company (QSAC). Our staff include some of the most experienced assessors in the industry and have a strong understanding of payment card processing. We have assessed major Level 1 Merchants and Service Providers, as well as assisted corporations in completing Self-Assessment Questionnaires (SAQ). You can find a full overview of our PCI DSS services with more information on how we can help you.

HIPAA Security: Pondurance is an expert in assessing covered entities and business associates against the HIPAA Security, HITECH and Meaningful Use requirements to identify gaps in compliance and assist in remediation to achieve compliance. Our team of highly experienced consultants has worked with both large and small hospitals, physician practices, insurance companies and a wide variety of business associates. Check out some more information on the different levels of our HIPAA assessments.

NERC-CIP: For those organizations involved in power generation, Pondurance has years of experience assessing to the NERC-CIP standard and assisting clients in developing and implementing information security programs to meet the NERC-CIP standard.

ISO 27001: Pondurance assists organizations both in assessing compliance with the ISO 27001 standards and in implementing the standard as a framework for an overall information security program. We map PCI DSS, HIPAA or NERC-CIP requirements to the ISO 27001 standards to implement a holistic information security program that addresses all regulatory compliance requirements.

Our Compliance Practice provides a full life-cycle approach to information security and compliance by providing assessment services, remediation services, and compliance program management services to ensure both a secure IT environment and regulatory compliance.