[{"@context":"https:\/\/schema.org\/","@type":"BlogPosting","@id":"https:\/\/univista.com\/posts\/the-ping-preparing-your-organization-for-compliance\/#BlogPosting","mainEntityOfPage":"https:\/\/univista.com\/posts\/the-ping-preparing-your-organization-for-compliance\/","headline":"The Ping: Preparing Your Organization for Compliance","name":"The Ping: Preparing Your Organization for Compliance","description":"Implementing and sustaining compliance is both required and beneficial for cities. Check out the first steps to compliance here!","datePublished":"2019-07-30","dateModified":"2019-07-30","author":{"@type":"Person","@id":"https:\/\/univista.com\/posts\/author\/corie-bogan\/#Person","name":"Corie Bogan","url":"https:\/\/univista.com\/posts\/author\/corie-bogan\/","identifier":5,"image":{"@type":"ImageObject","@id":"https:\/\/secure.gravatar.com\/avatar\/1cc33ae534ef31a23f9281fa0d638eb45e31ff2282dc8fabaf8cec72af5f1961?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1cc33ae534ef31a23f9281fa0d638eb45e31ff2282dc8fabaf8cec72af5f1961?s=96&d=mm&r=g","height":96,"width":96}},"publisher":{"@type":"Organization","name":"UniVista","logo":{"@type":"ImageObject","@id":"https:\/\/univista.com\/wp-content\/uploads\/2018\/03\/Univista-Logo-e1522352689794.png","url":"https:\/\/univista.com\/wp-content\/uploads\/2018\/03\/Univista-Logo-e1522352689794.png","width":600,"height":60}},"image":{"@type":"ImageObject","@id":"https:\/\/univista.com\/wp-content\/uploads\/2019\/07\/Rules.jpg","url":"https:\/\/univista.com\/wp-content\/uploads\/2019\/07\/Rules.jpg","height":426,"width":640},"url":"https:\/\/univista.com\/posts\/the-ping-preparing-your-organization-for-compliance\/","about":["BUSINESS CONTINUITY","business management","compliance","hipaa","network","PCI DSS","planning","safety","Security","The Ping","update","vulnerability"],"wordCount":578,"keywords":["2fa","cjis","compliance","cybersecurity","hipaa","multi-factor 
authentication","Security","updates"],"articleBody":"Last week we addressed the importance of implementing a Disaster Recovery plan under your own Business Continuity program. And as we mentioned previously, this is a necessity under most, if not all, compliance requirements. The next question is, do you know what it means to maintain compliance? What is Compliance? Two primary compliance requirements cities face are CJIS and PCI. Criminal Justice Information Services, or CJIS, is a division of the FBI that provides criminal justice information needed to perform law enforcement duties. CJIS provides each municipality security compliance requirements and performs frequent audits to ensure these requirements are being met. Below are just a few example requirements of the Security Policy: Security Awareness Training; Perimeter Intrusion Detection; Advanced Authentication; Change Management \/ Maintain Log History; Device Encryption; Incident response plan; BYOD \/ Acceptable Use Policy. The Payment Card Industry, or PCI, is another compliance requirement cities face. PCI compliance requirements include many of the same criteria as CJIS and more. PCI necessitates a list of processes and security standards developed and mandated by the PCI Security Standards Council. If implemented properly, PCI will help to protect customer credit card information, increase your data security, and reduce your liability. To learn more, check out The Ping: What is Compliance? Most, if not all, compliance agencies require you to maintain several policies to achieve and ultimately sustain compliance. So, where do you start? First, consider whether you have a Security Plan in place. A security plan is a formalized plan that specifies how you are specifically protecting your data and business. It also lays out a plan of action for your company and employees in case a security breach does occur. Check out The Ping: Security Plan. 
As we discussed last week in The Ping: Disaster Recovery And Business Continuity Planning, having a Disaster Recovery plan in place is not only required by most compliance regulations, it\u2019s also best practice for your organization. How do you Become Compliant? Now that you know what being compliant means, let\u2019s discuss how you go about doing this. Compliance comes with several steps, or rules, that you must address. Determine which compliance requirements apply to you. Assess your infrastructure and policies and procedures. Review the compliance requirements. Determine what you must change and plan to change it with an appropriate timeline. Implementation. So, you\u2019re done, right? There\u2019s a little more to it. Compliance is a set of procedures that you need to continuously manage. Here are a few ways to accomplish this: Test! Perform tests on your network directly relating to your compliance needs. Look for key areas that you might have missed in previous audits or are weak points in your infrastructure. Evaluate: Evaluate the results of these tests and make sure they fall within the requirements. Ensure your employees are up-to-date with the cybersecurity training. Correct your plans, procedures and policies: Make changes where necessary. If your current policies and procedures aren\u2019t covering your compliance requirements, make a change! We realize there is an overwhelming amount of work to do, but don\u2019t worry. We\u2019ve helped just about every one of our customers get compliant in some form or another. We can help prepare you for, help answer questions during and implement the resulting recommendations of an audit. We can also help provide templates and samples of very commonly required security policies. Please give us a call! 
We\u2019re here to help you! Your UniVista Team *Celebrating 20 Years of Customer Satisfaction*"},{"@context":"https:\/\/schema.org\/","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https:\/\/univista.com\/posts\/#breadcrumbitem"},{"@type":"ListItem","position":2,"name":"The Ping: Preparing Your Organization for Compliance","item":"https:\/\/univista.com\/posts\/the-ping-preparing-your-organization-for-compliance\/#breadcrumbitem"}]}]