Nearly all types of businesses today must operate in compliance with governmental regulations of some sort. The areas of assessment and compliance that affect almost every industry are those dealing with the protection of customer data, commonly referred to as Personally Identifiable Information (PII) or Non-public Personal Information (NPPI).
No matter the size of a company or its industry, compliance with governmental regulations is crucial, and the range of applicable regulations is wide.
The sector of the IT Support and Services industry that deals with violations and non-compliance is Cybersecurity. The main thrust of government laws and regulations is to protect consumer information and consumers' right to keep their data private, and this landscape of acronyms changes constantly. It is our job as your Managed Services Provider to keep abreast of these changes and work with you to manage the compliance requirements that affect your IT.
Three of the most common are HIPAA, PCI and CMMC:
- Health Insurance Portability and Accountability Act (HIPAA) – Health Care Providers, Health Plans and Health Clearinghouses, and certain of their subcontractors, known as ‘Business Associates’, who handle and electronically transmit patient information, must stay in compliance with the HIPAA regulations. Passed in 1996, HIPAA outlines the lawful handling and use of Protected Health Information (PHI) and falls under the purview of the Department of Health and Human Services (HHS).
- Payment Card Industry Data Security Standard (PCI DSS) – The Payment Card Industry must be in compliance with the rules and regulations set forth by the Payment Card Industry Data Security Standard (PCI DSS), which is administered by the Payment Card Industry Security Standards Council (PCI SSC).
- Cybersecurity Maturity Model Certification (CMMC) – The US Department of Defense (DoD) has always required the vetting of all contractors, but with the advances in cyber-crime and hacking technologies, it has instituted new procedures for all businesses seeking government contracts.