IT Compliance

Don't leave your business at risk

Coordinated Business Systems provides a comprehensive suite of standards-based, easy-to-use, and cost-effective IT Compliance solutions that enable you to meet and exceed even the most stringent requirements.

We make compliance more affordable and reliable, so you can stop worrying about regulations and focus on your business.

We provide the following Regulatory Compliance services:

  • Validation Planning & Management
  • Augmentation of your Existing Validation Project Team
  • Policies and Procedures for IT Compliance
  • Validation/Verification of Regulated Systems
  • Electronic Record/Electronic Signature Validation
  • Compliance Assessment and Remediation Plans
  • Quality System Audits for Vendors and Service Providers
  • Risk Assessment & Management for Computerized Systems

As credit card theft increases, so does corporate liability. In response, five of the major credit card companies – Visa, MasterCard, American Express, Discover and JCB – have voluntarily established a payment card industry (PCI) data security standard. This standard must be implemented by all merchants and their Web hosts, shopping cart vendors, and payment service providers. The PCI data security standard requires card issuers and processors to invest in the necessary compliance technology and training, and those who don't comply can face fines of up to $500,000 – and the possibility of being barred from accepting credit card payments at all.

HIPAA mandates national standards for the security of electronic health care information. The HIPAA security standards specify administrative, technical, and physical safeguards that covered entities must use to assure the confidentiality of electronic protected health information.

In order to comply with new standards for confidentiality, organizations must develop an ongoing compliance monitoring process that equips them to meet SOX requirements and PCAOB IT General Control objectives. The SOX requirements are:

  • Implement and test controls that protect the integrity of applications and infrastructure. Most corporations, especially dispersed organizations, will need automated software systems to meet this requirement.
  • Define and document key application security and segregation of duties controls.
  • Govern the control processes for application access additions, changes, and deletes.
  • Ensure long-term compliance through ongoing testing and tracking.

ISO 27001 is a standard that specifies an Information Security Management System (ISMS) and gives businesses a way to bring information security under their control.

The standard covers 11 domains. When a business meets them to the levels set out in the standard, it can be audited and certified as compliant, and so meets recognized information security standards.

The 11 domains are:

  1. Security policy
  2. Organization of information security
  3. Asset management
  4. Human resources security
  5. Physical and environmental security
  6. Communications and operations management
  7. Access control
  8. Information systems acquisition, development and maintenance
  9. Information security incident management
  10. Business continuity management
  11. Compliance