Many companies are aware of the IT and operational risks they face; however, organizations often overlook preventive measures in an effort to manage capital and resource costs. The risks associated with letting IT systems and infrastructure become an afterthought can present threats to the health of your business, including:
We help companies of all sizes develop sound practices while keeping cost efficiency and effectiveness in mind. Using a risk-based and solutions-driven approach, we offer assistance according to your needs and the complexity of your IT infrastructure:
Our IT Advisory Services team has the experience and knowledge with the credentials to back it up. They retain extensive knowledge and skill in their respective focus areas and log a wide range of valuable certifications including CISA, CRISC, CCE, CISSP, GCIH, PCI/QSA, CTGA, HITRUST CSFP and HCISPP. From project management and regulatory compliance assistance to digital forensics and incident response, DHG is equipped to meet your IT advisory needs.
In an age when cyber attacks are increasingly prevalent, it is important to take steps to reduce your cyber risk and comply with ever-evolving privacy and security regulations. DHG can help every step of the way.
As we read in the news almost daily about data breaches, companies of all sizes are at risk through external attack, malware and inadvertent user actions. Failure to identify and address vulnerabilities and prepare for data breaches can lead to the loss of public and intellectual data, and result in:
- Brand and reputational damage
- Negative earnings and market value impact
- Lawsuits and litigation from a variety of constituents
- Damages associated with the theft of intellectual property
Businesses often fail to prepare adequately for such breaches and are unsure of how to handle a potentially malicious or fraudulent event. The DHG IT Advisory team can help you avoid the negative consequences associated with cyber security breaches.
Delivering cybersecurity and privacy strategies that complement and strengthen your business
At DHG, we believe that security is fundamental to your business, so that your processes are secure, streamlined and efficient. In an evolving market space, we work with our clients to review the people, processes and technology in place to protect information assets. We help our clients prevent, detect and remediate cyber risk through the following:
- Assess security preparedness and compliance with evolving state, federal and industry regulations and frameworks, such as: PCI, HIPAA / HITRUST, TR-39 and DFARS
- Support security incident and data breach response efforts through digital forensic evaluation, triage and guidance for remediation
- Network and web application vulnerability assessment
- Penetration testing
- Social engineering and physical site assessments and dark web research
- Information security and governance program assistance
- Information security risk assessment
- Policy and procedure assistance
Why Choose DHG?
With a history of serving clients of all sizes in a variety of industries, the DHG IT Advisory team is knowledgeable in evolving security, privacy and regulatory compliance requirements in the healthcare, financial services, insurance and retail industries. We have helped clients develop effective security practices to achieve compliance with the following:
- Gramm-Leach-Bliley Act (GLBA)
- Federal Financial Institutions Examination Council (FFIEC)
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA) / Health Information Technology for Economic and Clinical Health (HITECH) Act
Digital & Computer Forensics
Digital Forensics with Dedicated Professionals and State-of-the-Art Tools
At DHG, highly qualified professionals with multi-disciplinary technical knowledge perform digital and computer forensic investigations. Trained in the latest forensic and evidence handling techniques, we conduct our investigations using tools such as:
- EnCase, Cellebrite, Physical Analyzer, Forensic Tool Kit, Passware and BlackLight
- Tableau forensic duplicators, write blockers, and Cellebrite UFED Touch
- Purpose-built digital forensics labs with heightened security measures
Healthcare IT Compliance
In the wake of evolving compliance requirements, healthcare providers are accountable.
The Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act and its Meaningful Use provision have rapidly reshaped the healthcare industry. Strict compliance with government standards is critical to protect and grow your business. While regulatory compliance measures may seem burdensome and demanding, non-compliance can have serious and long-term negative effects on your organization.
Our professionals can provide your healthcare facility with the information and tools needed to achieve and maintain both compliance and peace of mind.
We leverage industry knowledge and experience, excellent client service and a tailored approach to each assessment to meet and exceed your needs.
DHG IT Advisory professionals have earned the Health Information Trust (HITRUST) Alliance’s credential as certified HITRUST practitioners, demonstrating the deep market experience and skill set required to perform HIPAA / HITECH compliance services for healthcare providers of all sizes. We deliver value by integrating our cross-functional IT and industry experience to help you identify compliance gaps and develop remediation plans while preparing for potential regulatory audits.
DHG provides the following HIPAA / HITECH compliance-related services:
- HIPAA / HITECH IT Compliance Reviews
- Meaningful Use Compliance assessments
- OCR/CMS audit preparation assistance
- Network security assessments
- Sensitive (ePHI) data scanning
- Policy and procedure assistance
What you do is important, which is why the success of your company is our priority. DHG’s team is here to help you navigate your way through the complexities of HIPAA, HITECH and Meaningful Use so that you can focus on providing patient care.
- IT Project Management
- Regulatory Response
- RFP / RFI - 3rd Party Vendor
- Enterprise Project Planning
- IT Program Oversight
- Risk Advisory Services
Internal Audit Resource Assistance
Our Internal Audit services help ensure that you're operating in a secure and efficient manner. Our risk-based approach allows us to address the issues that present the greatest threats to your organization.
We provide outsourced, co-sourced and project-based internal audit services directly to management and existing internal audit departments:
- Assistance with the design, assessment and development of internal audit functions
- Assistance with the enhancement of your present internal audit processes
Recurring breaches of consumer payment data have resulted in increased enforcement of the Payment Card Industry (PCI) Data Security Standard (DSS) to protect credit card holder data. In order to protect your business and your customers, PCI compliance is crucial.
While compliance measures may be burdensome, they can have major benefits to businesses of all sizes, including increased client trust and business growth. Similarly, non-compliance can cause serious and long-term negative effects, such as:
- Financial Risk – Non-compliance fees issued by card processors, fines issued by card brands following a breach, increased per transaction fees, incident management costs in the form of forensic audits, card replacement, vulnerability remediation and paying for customer credit monitoring
- Reputational Risk – Client loss, brand damage
- Suspension or Revocation of Card Acceptance Privileges
You have worked hard to build your business. DHG is here to help you secure the trust of your customers. Our IT Advisory Services team is equipped with experienced Qualified Security Assessors (QSA) with the credentials and skillset to perform PCI assessments for large PCI Level One merchants and service providers, as well as smaller-scale clients. Leveraging our cross-functional IT consulting and industry experience, we can provide you with year-round assistance. Our professionals will help you meet the requirements for protecting card holder data established by the PCI DSS and can help enhance your business with the addition of data protection controls and practices to mitigate evolving risks.
Our PCI compliance services include:
- PCI Reports on Compliance Assessments – provide independent validation of PCI DSS compliance in the form of a RoC that can be submitted to an acquiring bank or the major card brands. This is a requirement for merchants with more than 6 million VISA or MasterCard transactions per year.
- PCI Readiness Assessments – assess an organization’s readiness against PCI DSS controls and advise on strategies to close remediation gaps. The implementation of DSS v3.0 places additional security requirements on organizations that should be addressed prior to full compliance audits. Readiness assessments help organizations ensure they can demonstrate full compliance with the latest version of the PCI DSS.
- Self-Assessment Questionnaire (SAQ) Assistance – assess your tools for self-evaluation of PCI DSS compliance. This is a requirement for merchants with fewer than six million VISA or MasterCard transactions per year or service providers with fewer than 300,000 transactions per year.
- PCI Compliant Network Penetration Testing – identify potential network and application vulnerabilities that jeopardize cardholder data security.
Success depends on the ability to manage information used to drive core business processes. Common solutions now include full outsourcing of IT operations, outsourcing of specialized technology and applications and use of co-location facilities. Inaccurate or delayed transaction processing, loss of data or compromise of customer information by a third-party service provider can negatively impact a company’s operations and reputation.
Companies subject to compliance with privacy regulations and those with strong vendor management programs rely on SOC reporting to understand the effectiveness of internal control environments in place at their third-party service providers.
Companies often subject to SOC reports include financial transaction processors, software vendors, third-party administrators, HR and benefits processors, data centers and application service providers.
DHG Can Help
Our experienced professionals perform SOC examinations for service providers in a number of industries across the United States and internationally. We understand the value of your time and have tailored an efficient engagement approach to minimize the impact on your daily activities.
Benefits of a SOC Examination
Performing a SOC examination of a third-party service provider includes the following benefits:
- Provides service provider customers with information on the internal control environment, including the operating effectiveness of controls affecting the customer’s internal controls over financial reporting
- Can address a service provider customer’s need to understand the internal controls at a service provider related to security, availability, processing integrity, confidentiality and privacy
- Can be used by a service provider customer’s financial statement auditor to determine reliance on controls in place at the service provider
- Eliminates the need for multiple customers to perform onsite audits
- Satisfies a requirement by many companies that an audit of internal controls be in place at their service provider
- Indicates to potential customers a service provider’s commitment to internal controls and transaction processing integrity
- Can identify improvement opportunities in operational areas at the service provider
- Provides an additional marketing opportunity and competitive advantage over other service providers