Compliance Overview

HIPAA – The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that regulates the use and disclosure of protected health information (PHI) by healthcare providers, insurers, and related organizations.

State Data Protection Laws – State Data Protection Laws are regulations that require healthcare organizations to protect sensitive patient data from unauthorized access, use, or disclosure.

State Regulators – State regulators are government agencies that oversee financial institutions that operate within their respective states.

Regulations – Lawfirms must comply with all regulations that apply to their clients, including financial, healthcare, and other regulations.

SEC – The Securities and Exchange Commission (SEC) is a US government agency that regulates the securities industry and protects investors.

Record Keeping – Accountants must keep accurate records of financial transactions and financial statements.

Anti Money Laundering – Accountants must take steps to prevent money laundering and report suspicious financial activity.

State Data Protection Laws – State Data Protection Laws are regulations that require accountants to protect sensitive client data from unauthorized access, use, or disclosure.

State Regulators – State regulators are government agencies that oversee financial institutions that operate within their respective states.

State Regulators – State regulators are government agencies that oversee financial institutions that operate within their respective states.

State Data Protection Laws – State Data Protection Laws are regulations that require nonprofits to protect sensitive customer data from unauthorized access, use, or disclosure.

Record Retention – State Data Protection Laws are regulations that require insurance agents to protect sensitive customer data from unauthorized access, use, or disclosure.

State Regulators – State regulators are government agencies that oversee financial institutions that operate within their respective states.

FedRAMP – Federal Risk and Authorization Management Program (FedRAMP) is a US government program that provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud products and services used by federal agencies.

NIST – National Institute of Standards and Technology (NIST) is a US government agency that develops standards, guidelines, and best practices for a wide range of industries, including manufacturing, to help ensure the confidentiality, integrity, and availability of information and information systems.

DISA – United States Defense Information Systems Agency (DISA) is a US government agency that provides information technology (IT) and communication support to the US Department of Defense.

NARA – National Archives and Records Administration’s (NARA) is a US government agency that is responsible for preserving and providing access to government records.

COPPA – Children’s Online Privacy Protection Act (COPPA) is a US federal law that requires website operators to obtain verifiable parental consent before collecting personal information from children under the age of 13.

FERPA – The Family Educational Rights and Privacy Act (FERPA) is a US federal law that protects the privacy of student education records and gives parents and eligible students certain rights with respect to those records.

HECVAT – Higher Education Cloud Vendor Assessment Toolkit (HECVAT) is a toolkit developed by the higher education community to help colleges and universities evaluate the security and privacy practices of cloud service providers.

SOC 2 Type 2 – SOC 2 Type 2 compliance is a certification that demonstrates a company has implemented and follows strict information security policies and procedures to protect customer data. It involves an independent auditor evaluating the company’s controls to ensure they are effective and operating as intended.

PCI – Payment Card Industry (PCI) compliance is a set of security standards that all businesses accepting credit and debit card payments must adhere to. It requires businesses to implement certain safeguards to protect the confidentiality, integrity, and availability of cardholder data during transmission, storage, and processing.

DSS – Payment Card Industry (PCI) Data Security Standards (DSS) is a set of security standards developed by the payment card industry to help protect against credit card fraud and other security breaches.

CCPA – The California Consumer Privacy Act (CCPA) is a state law in California that gives California residents certain rights with respect to their personal information, including the right to know what information is being collected, the right to request that information be deleted, and the right to opt-out of the sale of personal information.