PCI-DSS Preparation

Organizations that store, process, or transmit cardholder data are required to comply with the Payment Card Industry Data Security Standard (PCI-DSS). The standard was developed by the major card brands (Visa, MasterCard, American Express and others) to consolidate their individual data security requirements into a single set of controls for protecting credit card data.

We have developed a systematic approach to help organizations of all sizes and transaction volumes achieve and maintain compliance. Some of the key areas we focus on are:

  • Penetration testing and social engineering assessments.
  • Full PCI-DSS Gap Analysis.
  • Wireless assessments.
  • A review of controls in place and assistance with remediation activities.
  • Assistance with completion of the Self-Assessment Questionnaire.
  • High-level maintenance plan.
  • Customized Security Awareness training.
  • Hardening of operating systems, firewalls, routers and switches against recognized standards such as the CIS Benchmarks or NIST guidelines.
  • Development of an Incident Response plan for use in the event of a breach.

SOC 2 Audit Reports

Service Organization Controls (SOC) 2 reports are designed to provide assurance over the following principles for a System: Security, Availability, Processing Integrity, Confidentiality, and Privacy (if applicable). A System is comprised of the Infrastructure, Software, People, Procedures, and Data used to deliver the services provided. The following is a brief description of the goal of each principle:

  • Security – The system is protected against unauthorized access (both physical and logical).
  • Availability – The system is available for operation and usage as agreed to meet availability objectives.
  • Processing Integrity – System processing is complete, accurate, timely, and authorized.
  • Confidentiality – Information designated as confidential is adequately protected.
  • Privacy – Personal information is collected, used, retained, disclosed, and/or destroyed in accordance with established standards.

Not all principles noted above must be included to complete a SOC 2 audit report. Security is always in scope; the remaining principles are included only where they are relevant to the service you deliver. Dyna Lync Connect will work with your team to determine which trust services principles should be covered by the report.

We want to be your partner. For additional information, please Contact Us.

ISO 27001 Assessment

ISO 27001 is recognized internationally as the benchmark that defines best practices for information security management systems (ISMS). ISO 27001 focuses on the application of a risk management process to ensure that information security risks are identified and adequately treated. By becoming ISO 27001 certified, you demonstrate to potential partners and customers that you take data security seriously. Maintaining ISO 27001 certification requires regular surveillance assessments by an independent, accredited firm. These assessments help identify potential threats to security, allowing you to remedy vulnerabilities while demonstrating your ongoing commitment to security to your customers.

Dyna Lync has prepared numerous organizations to undergo and maintain ISO 27001 certification. We will project manage and guide your organization for a successful and smooth process.

Ready to gain a competitive advantage in your industry?

HIPAA / HITECH Assessment

People expect any information relating to their health records to be protected and safeguarded against any attempt at compromise. The Health Insurance Portability and Accountability Act (HIPAA), along with the Health Information Technology for Economic and Clinical Health (HITECH) Act, outline the measures that companies storing, handling, or processing electronic protected health information (ePHI) must adhere to. Together they define who is a covered entity, what information is protected, and the safeguards that must be in place to ensure the HIPAA Security Rule is properly followed.

HIPAA, in general, applies only to covered entities – primarily health plans, health care clearinghouses and health care providers. The HITECH Act of 2009 expanded the responsibilities of the business associates of covered entities. It addresses requirements for service organizations that act as vendors to covered entities and therefore have access to ePHI. Even if you are not a covered entity, if you are a vendor to a covered entity and have access to its ePHI, you are likely subject to the requirements of HIPAA/HITECH.

Dyna Lync has prepared numerous organizations to undergo and maintain their HIPAA attestation. If you are questioning whether your company is HIPAA/HITECH compliant, contact us.