Compliance & Audit
Simplifying the Complex
Regulatory Compliance & Audit Services by True Ensure You’re Never Left Unprepared.
Protect yourself from increasingly complex and ever-changing regulations and standards with services by True.
What makes PCI so complex is that it impacts each organization differently. Misunderstanding this impact is all too common. The real value we bring to our clients is determining and explaining exactly how the PCI DSS applies to your specific organization. Often companies make assumptions about how to achieve compliance and spend more time and money than necessary and still fail to meet the intent of the standard.
Our PCI Guidance and Planning Services include a high-level PCI Gap Analysis Report. We also offer “QSA for a Day” consulting services to help your organization develop an initial strategy to tackling PCI compliance. We can help guide you through all necessary steps to achieve and maintain the level of PCI compliance your business needs.
We offer Onsite Assessment and Remediation Services to assist Level 1 and Level 2 merchants and service providers in meeting annual validation of requirements dictated by the PCI DSS. Our assessment will validate your organization’s adherence to the 12 PCI DSS requirements and provide you with an official Report on Compliance (ROC), detailing your compliance status with the PCI DSS. We can also assist you with completing your Self Assessment Questionnaire (SAQ).
With our External PCI ASV Scanning Service, merchants receive up to four rounds of ASV scans annually. Each round includes as many remediation scans as needed to achieve a passing ASV compliance report within a seventy-five (75) day window. We supply an official ASV Scanning Report each quarter, providing evidence that your scans were completed in compliance with PCI. Managed Scanning is also available for organizations that wish to perform additional scanning upon request with raw technical scan results provided.
True is a PCI Qualified Security Assessor (QSA) Company and Approved Scanning Vendor (ASV).
Compliance with the HIPAA Security Rule is central to securing electronic protected health information (ePHI). ePHI that is created, received, maintained or transmitted by a Covered Entity or Business Associate must be protected to prevent anticipated threats and hazards and impermissible uses and disclosures.
If your business fails to adhere to the HIPAA Security Rule and faces an ePHI-related security breach as a result, you can be subject to significant regulatory fines, litigation, breach notification costs, unfavorable media attention and a damaged reputation.
We can perform a HIPAA Risk Analysis to support the HIPAA and Meaningful Use requirements and evaluate your existing protection of ePHI. Using the HIPAA Security Rule as a baseline, our assessment will identify your current security controls, assess their effectiveness, inform you of your current risk, and establish a prioritized action plan for moving into compliance.
Our other HIPAA-related services include HIPAA Security Rule Gap Assessment, OCR Audit Coaching, IT GRC Security Program Development, Breach Notification/Incident Response Support, and Penetration Testing.
NERC CIP Compliance
Federal regulations and guidance surrounding critical infrastructure have brought security to the forefront in the energy/utility space. Additionally, smart grid initiatives and network convergence increase risk and exposure to technologies and processes that were once considered secure due to isolation.
Our NERC CIP Gap Analysis and Risk Assessment will look at your security holistically to identify and evaluate the security controls protecting your electronic security perimeter (ESP) and cyber assets, assess their effectiveness against industry standards, inform you of your current risk, and give you customized priorities for moving toward an improved security posture. We also perform NERC CIP Cyber Vulnerability Assessments to satisfy CIP-005 R4 and CIP-007 R8.
Our assessments will get you on track to meeting your compliance requirements while opening your eyes to existing security weaknesses. Once completed, you will have a clear plan of action toward achieving an optimal security posture and protecting your power grid from attack.
Today’s financial institutions connect customers, internal lines of business, third parties, affiliates and the public. These interdependencies affect the institution’s decisions around the delivery of existing products and services and the identification and development of new products and services. Understanding how various technologies are implemented requires expertise beyond technical experience alone. TRUE’s security professionals include seasoned personnel with multi-year financial institution technical and cybersecurity management experience.
TRUE can tailor its consulting, auditing, and awareness training solutions to fit your institution regardless of asset size. We provide professional and technical services to Community Banks and Regional Banks through our advanced understanding of the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook). We don’t simply report audit and assessment findings, TRUE can assist your institution’s management, audit committee, and board of directors to understand the risk implications of identified audit and assessment findings.
Whether we are assisting your existing internal audit department or serving as your institution’s outsourced technical and cybersecurity internal audit function, TRUE’s advanced knowledge and understating of technology and cybersecurity risk can help your institution successfully manage your compliance requirements.
SOC 1, 2, 3 and SSAE 16 Services
The AICPA’s SAS No. 70, Service Organizations, has evolved into a family of Service Organization Control (SOC) Reports, which relate to information security and provide assurances about privacy and confidentiality controls as well as the security, availability, and processing integrity of their systems.
As companies are increasingly adopting vendor management programs to assess the IT security of their vendors, the demand for SOC Reporting is on the rise. Our experts are available to provide service organizations with audit preparation consulting, coaching, IT GRC services, and security program development guidance to ensure necessary controls are in place for future successful SOC engagements.