Regulatory Compliance

Hart, Brown & Associates offers comprehensive compliance services including SOX 404, SOC 1 / SSAE 16, SOC 2, ISO 27001, and HIPAA HITECH assessments and readiness support.

The Threat Is Real

1 in 5 Small Businesses
Get Hacked in First Year!

In today’s digital world, businesses face a growing threat of cybercrime. This has become a significant challenge for organizations of all sizes, making cloud security more critical than ever before.

- Malware
- Productivity
- Botnets
- Data Breach
- Data Loss
- Phishing

Our Services

Regulatory Compliance

Hart, Brown & Associates offers comprehensive compliance services for all your business needs.

Sarbanes Oxley 404 (SOX)

Section 404 of the Sarbanes Oxley Act (SOX) requires management of public companies and their external auditor to report on the adequacy of the company’s internal controls over financial reporting (ICOFR).
 
Hart, Brown & Associates can help your company achieve SOX 404 compliance in a co-sourced or outsourced arrangement by:
 
  > Performing company level and IT risk assessments and gap analysis.
  > Documenting the internal control environment via narratives and/or process flows.
  > Assisting with design and implementation of internal controls.
  > Testing controls for operating effectiveness.
  > Providing remediation services and recommending process improvement opportunities.
  > Managing risk upon completion of the audit through continuous auditing and continuous monitoring activities.
  > Developing audit procedures, templates and communication plans that can be utilized in a future internal audit function.

SOC 1 / SSAE 16 (formerly SAS 70)

On June 15, 2011, Statement for Attestation Engagements No. 16 (SSAE 16) superseded Statement on Auditing Standards No. 70 (SAS 70). The AICPA developed this new standard to more closely align with the international standard ISAE 3402 and to differentiate attestations for financially and non-financially relevant controls. In short, SOC 1 / SSAE 16 examinations cover controls that are financially relevant. SOC 2 / AT 101 examinations cover controls beyond financial relevance. 
 
Hart, Brown & Associates can help your organization achieve SOC 1 / SSAE 16 compliance by performing readiness assessments and by partnering with AICPA designated CPA / Accounting firms for the attestation and examination.

SOC 2 (Trust Services Principles and Criteria)

The SOC 2 report was developed by the AICPA to help service organizations provide their customers and other interested parties with an independent CPA firm’s opinion beyond financially relevant controls. A SOC 2 examination is criteria based and covers principles and controls relevant to privacy, availability, confidentiality, processing integrity and security. Types of service organizations undergoing SOC 2 examinations include data centers, cloud computing providers, as well as entities subject to HIPAA, PCI and other bank regulations.
 
Hart, Brown & Associates can help your organization achieve SOC 2 compliance for one or multiple Trust Services principles by performing readiness assessments and by partnering with an AICPA designated CPA / Accounting firm for the attestation and examination.

PCI Compliance

If you are a merchant or service provider that stores, processes or transmits credit card data, you are required by your credit card issuer to adhere to the standards set forth by the PCI (Payment Card Industry) Security Council. The number and type of transactions processed will determine the requirements for adhering to the PCI Data Security Standard (DSS). While credit card issuers ultimately determine the standard for merchants to follow, these are the general guidelines that the major credit card issuers (VISA, MasterCard, AMEX.

* Note: A data breach that resulted in account data compromise may be escalated to a higher validation level.

 PCI Compliance is not a single audit and compliance event, but is an ongoing process. Hart, Brown & Associates can assist with the following related to PCI Compliance: 
  > PCI Readiness – controls design, implementation and testing ahead of the QSA (Qualified Security Assessor).
  > PCI Remediation – resulting from readiness findings or QSA findings.
  > Vulnerability Scanning and Penetration Testing – we partner with ASVs (Approved Scanning Vendors) to help with external scans of your IT environment.

ISO 27001 / 27002 Readiness & Remediation

The ISO 27002 standard (formerly known as ISO 17799) is a globally accepted standard and benchmark for information security. It outlines over 200 potential control activities relevant for an ISO 27001 certification audit. ISO 27002 has established guidelines and principles for initiating, implementing, maintaining and improving an organization’s ISMS (Information Security Management System).
 
 The twelve sections for ISO 27002 are:
  > Risk Assessment
  > Security Policy
  > Organization of Information Security
  > Asset Management
  > Human Resources Security
  > Physical Security
  > Communications and Operations Management
  > Access Control
  > Information Systems Acquisition, Development, Maintenance
  > Information Security Incident Management
  > Business Continuity
  > Compliance

Within each section, there are control objectives and control activities that are recommended for implementation. Certain control objectives and activities may not be applicable to your organization and should be documented in the formal risk assessment when undergoing ISO 27002 readiness.
 
Hart, Brown & Associates can help your organization prepare for an ISO 27001 audit by conducting a formal risk assessment of your current IT environment, designing and implementing ISO 27002 controls for your ISMS, performing a gap analysis and performing internal remediation prior to or after ISO 27001 certification has been completed by an accredited registrar.

HIPAA HITECH Act

The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law in 2009 to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act discusses the privacy and security concerns associated with the electronic transmission of health information, civil and criminal penalties in the event of a data breach, breach notification procedures and accounting of disclosures of a patient’s health information.
 
Hart, Brown & Associates can assist your organization with becoming HIPAA HITECH compliant by performing an assessment of where your Protected Health Information (PHI) resides at rest, how the data is transmitted, ownership of data throughout the process, and logical access to the data (both internal to the organization and external vendors), and by helping develop an incident response plan in accordance with HIPAA laws.

Expert Security Team

Our team of experienced security professionals has the expertise to provide you with the best possible cloud security solutions.

Advanced Security Measures

We are committed to ensuring the highest levels of data security using advanced encryption techniques.

Customized Solutions

We offer customized solutions to ensure that your specific security requirements and your company goals are met without any errors.

Robust Disaster Recovery

Our cloud security solutions include robust disaster recovery capabilities to ensure that your data is available.

Protect your business from the growing threat of cyber attacks.

Contact us now to schedule a consultation and take the first step in protecting your business from cyber threats.

Don't wait until it's too late! Call us

FAQs

Some Questions
And Their Answers

What is included in the Small Business SC Cybersecurity solution?

SC Cybersecurity solutions offer:

- A next generation firewall device with deep-packet inspection capability
- Professional firewall installation by ADT technicians and network engineers
- Premium content filtering service
- A comprehensive and customizable weekly report to see all blocked threats
- Add-on products like Secure Email and VPN services to complete the solution

What is a firewall?

What is a Virtual Private Network (VPN)?

How do I create my online account for ADT Cybersecurity?

Who should I contact if I need assistance?

Get In Touch

Atlanta, Georgia

call us:
770-235-4684