Last week we addressed the importance of implementing a Disaster Recovery plan under your own Business Continuity program. As we mentioned then, this is a necessity under most, if not all, compliance requirements. The next question is: do you know what it means to maintain compliance?
What is Compliance?
Two primary compliance requirements cities face are CJIS and PCI. Criminal Justice Information Services, or CJIS, is a division of the FBI that provides the criminal justice information agencies need to perform law enforcement duties. The CJIS Security Policy sets the security requirements each municipality must meet in order to access that information, and agencies are audited periodically to verify those requirements are being met. Below are just a few example requirements from the Security Policy:
- Security Awareness Training
- Perimeter Intrusion Detection
- Advanced Authentication
- Change Management/ Maintain Log History
- Device Encryption
- Incident response plan
- BYOD / Acceptable Use Policy
The Payment Card Industry Data Security Standard, or PCI DSS, is another compliance requirement cities face. PCI requirements include many of the same criteria as CJIS, and more. PCI DSS is a set of processes and security standards developed and maintained by the PCI Security Standards Council and required of any organization that stores, processes or transmits cardholder data. If implemented properly, PCI will help protect customer credit card information, increase your overall data security, and reduce your liability. To learn more, check out The Ping: What is Compliance?
Most, if not all, compliance agencies require you to maintain several written policies to achieve and ultimately sustain compliance. So, where do you start? First, consider whether you have a Security Plan in place. A security plan is a formalized document that specifies how you are protecting your data and your business. It also lays out a plan of action for your company and employees in case a security breach does occur. Check out The Ping: Security Plan. As we discussed last week in The Ping: Disaster Recovery And Business Continuity Planning, having a Disaster Recovery plan in place is not only required by most compliance regulations, it is also best practice for your organization.
How do you Become Compliant?
Now that you know what being compliant means, let's discuss how you go about getting there. Becoming compliant involves several steps that you must address:
- Determine which compliance requirements apply to you.
- Assess your infrastructure and policies and procedures.
- Review the compliance requirements.
- Determine what you must change and plan to change it with an appropriate timeline.
So, you're done, right? There's a little more to it. Compliance is not a one-time project; it is a set of procedures that you need to manage continuously. Here are a few ways to accomplish this:
- Perform tests on your network that relate directly to your compliance requirements
- Look for key areas that you might have missed in previous audits, or that are weak points in your infrastructure
- Evaluate the results of these tests and make sure they fall within the requirements
- Ensure your employees are up to date on their cybersecurity training
- Correct your plans, procedures and policies as the results and the requirements change
- Make changes where necessary. If your current policies and procedures aren't covering your compliance requirements, make a change!
We realize there is an overwhelming amount of work to do, but don't worry. We've helped just about every one of our customers get compliant in some form or another. We can help you prepare for an audit, answer questions during it, and implement the resulting recommendations afterward. We can also provide templates and samples of the most commonly required security policies. Please give us a call! We're here to help you!
Your UniVista Team
*Celebrating 20 Years of Customer Satisfaction*