COMPLIANCE & RISK ASSESSMENT

A risk assessment is a critical component of an effective information security strategy or program. Without a clear understanding of the potential risks that certain threats pose to the organization, management is unable to make difficult decisions around prioritizing funds for protecting information systems and other critical technology assets. Our certified information security professionals can partner with your organization to perform a wide range of industry-accepted risk assessments.

HIPAA

A healthcare security risk analysis is not only an integral piece of your HIPAA compliance program, it is a requirement by the U.S. Department of Health and Human Services' Office for Civil Rights (OCR). It is the first step your business should take in identifying and implementing safeguards that comply with the standards in the Privacy and Security Rules. C Spire's healthcare security professionals have 20+ years of experience in healthcare and have performed thousands of security risk analysis engagements for a wide variety of healthcare organizations.

PCI

All companies that accept, store, process or transmit credit card information are required to report compliance with the Data Security Standard (DSS). If your company accepts cards or stores or transmits cardholder info, then it needs to meet the security requirements that the card companies have set forth in the DSS. C Spire's team of security professionals has many years of PCI experience and has helped many companies achieve compliance through our various types of assessments.

FFIEC

The Federal Financial Institutions Examination Council (FFIEC) is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB). The FFIEC's primary task is to make recommendations to promote uniformity in the supervision of financial institutions. C Spire employs certified information security professionals who have past experience working as direct employees of financial institutions and who can assist you in achieving your compliance objectives.

NIST

The National Institute of Standards and Technology (NIST) is a non-regulatory agency whose mission is to promote U.S. innovation and industrial competitiveness by advancing science, standards, and technology. NIST is responsible for the creation of a variety of standards and procedures, including the cybersecurity framework, designed to improve organizations' effectiveness and security. C Spire employs a team of certified information security professionals who are well-versed in a wide variety of NIST frameworks.