TECHNOLOGY ADVISORY - COMPLIANCE

Success depends on the ability to manage information used to drive core business processes. Common solutions now include full outsourcing of IT operations, outsourcing of specialized technology and applications and use of co-location facilities. The impact associated with inaccurate or delayed transaction processing, loss of data or compromise of customer information by a third-party service provider can negatively impact a company’s operations and reputation.

Companies subject to compliance with privacy regulations and those with strong vendor management programs rely on SOC reporting to understand the effectiveness of internal control environments in place at their third party service providers.

Companies often subject to SOC reports include financial transaction processors, software vendors, third-party administrators, HR and benefits processors, data centers and application service providers.

DHG Can Help

Our experienced professionals perform SOC examinations for service providers in a number of industries across the United States and internationally. We understand the value of your time and have tailored an efficient engagement approach to minimize the impact on your daily activities.

Benefits of a SOC Examination

Performing a SOC examination of a third-party service provider includes the following benefits:

• Provides service provider customers with information on the internal control environment, including the operating effectiveness of controls affecting the customer’s internal controls over financial reporting
• Can address a service provider customer’s need to understand the internal controls at a service provider related to security, availability, processing integrity, confidentiality and privacy
• Can be used by a service provider customer’s financial statement auditor to determine reliance on controls in place at the service provider
• Eliminates the need for multiple customers to perform onsite audits
• Satisfies a requirement by many companies that an audit of internal controls be in place at their service provider
• Indicates to potential customers a service provider’s commitment to internal controls and transaction processing integrity
• Can identify improvement opportunities in operational areas at the service provider
• Provides an additional marketing opportunity and competitive advantage over other service providers

Cybersecurity will be mandatory across the Defense Industrial Base.

The CMMC framework was adopted by the Department of Defense (DoD) in January 2020 to enforce protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) throughout its supply chain. The framework contains five levels to distinguish the maturity of an organization’s cybersecurity controls.

Learn More About CMMC Compliance

Helping protect your digital assets with comprehensive cybersecurity services.

Organizations often struggle with developing, implementing, and maintaining holistic programs for protecting the confidentiality, integrity, and availability of their sensitive information. DHG offers a suite of cybersecurity advisory, compliance, and assessment services designed to help clients of all sizes protect their information and achieve compliance requirements.

Learn more about DHG’s Cybersecurity services.

Increasing regulatory scrutiny on handling of sensitive consumer information.

The European Union’s Global Data Protection Regulation (GDPR) introduced new minimum standards for increasing transparency of how organizations use consumer information and outlining minimum rights to consumers to define how organizations can use their data.

As the data privacy landscape continues to evolve – and more stringent regulations are passed – we help our clients design and develop privacy solutions that address compliance obligations and protect their brand in the marketplace.

Digital Forensics with Dedicated Professionals and State-of-the-Art Tools

At DHG, highly qualified professionals with multi-disciplinary technical knowledge perform digital forensic investigations. Trained in the latest forensic and evidence handling techniques, we conduct our investigations using tools such as:

• EnCase, X-Ways, Cellebrite UFED, Passware, Magnet Axiom
• Tableau forensic duplicators, write blockers, and custom-designed workstations
• Purpose-built digital forensics lab with heightened security measures

In the wake of evolving compliance requirements, healthcare providers are accountable.

The Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act and its Meaningful Use provision have rapidly reshaped the healthcare industry. Strict compliance with government standards is critical to protect and grow your business. While regulatory compliance measures may seem burdensome and demanding, non-compliance can have serious and long-term negative effects on your organization.

Our professionals can provide your healthcare facility with the information and tools needed to achieve and maintain both compliance and peace of mind.

We leverage industry knowledge and experience, excellent client service and a tailored approach to each assessment to meet and exceed your needs.

DHG IT Advisory professionals have earned the Health Information Trust (HITRUST) Alliance’s credential as certified HITRUST practitioners, demonstrating deep market experience and skillset required to perform HIPAA / HITECH compliance services for healthcare providers of all sizes. We deliver value by integrating our cross-functional IT and industry experience to help you identify compliance gaps and develop remediation plans while preparing for potential regulatory audits.

DHG provides the following HIPAA / HITECH compliance-related services:

• HIPAA / HITECH IT Compliance Reviews
• Meaningful Use Compliance assessments
• OCR/CMS audit preparation assistance
• Network security assessments
• Sensitive (ePHI) data scanning
• Policy and procedure assistance

What you do is important, which is why the success of your company is our priority. DHG’s team is here to help you navigate your way through the complexities of HIPAA, HITECH and Meaningful Use so that you can focus on providing patient care.

Our Internal Audit services help ensure that you're operating in a secure and efficient manner. Our risk-based approach allows us to address the issues that present the greatest threats to your organization.

We provide outsourced, co-sourced and project-based internal audit services directly to management and existing internal audit departments:

• Assistance with the design, assessment and development of internal audit functions
• Assistance with the enhancement of your present internal audit processes

Recurring breaches of consumer payment data have resulted in increased enforcement of the Payment Card Industry (PCI) Data Security Standard (DSS) to protect credit card holder data. In order to protect your business and your customers, PCI compliance is crucial.

While compliance measures may be burdensome, they can have major benefits to businesses of all sizes, including increased client trust and business growth.  Similarly, non-compliance can cause serious and long-term negative effects, such as:

• Financial Risk – Non-compliance fees issued by card processors, fines issued by card brands following a breach, increased per transaction fees, incident management costs in the form of forensic audits, card replacement, vulnerability remediation and paying for customer credit monitoring
• Reputational Risk – Client loss, brand damage
• Suspension or Revocation of Card Acceptance Privileges

You have worked hard to build your business. DHG is here to help you secure the trust of your customers. Our IT Advisory Services team is equipped with experienced Qualified Security Assessors (QSA) with the credentials and skillset to perform PCI assessments for large PCI Level One merchants and service providers, as well as smaller-scale clients. Leveraging our cross-functional IT consulting and industry experience, we can provide you with year-round assistance. Our professionals will help you meet the requirements for protecting card holder data established by the PCI DSS and can help enhance your business with the addition of data protection controls and practices to mitigate evolving risks.

Our PCI compliance services include:

• PCI Reports on Compliance Assessments – provide independent validation of PCI DSS compliance in the form of a RoC that can be submitted to an acquiring bank or the major card brands. This is a requirement for merchants with more than 6 million VISA or MasterCard transactions per year.
• PCI Readiness Assessments – assess an organization’s readiness against PCI DSS controls and advise on strategies to close remediation gaps. The implementation of DSS v3.0 places additional security requirements on organizations that should be addressed prior to full compliance audits. Readiness assessments help organizations ensure they can demonstrate full compliance with the latest version of the PCI DSS.
• Self-Assessment Questionnaire (SAQ) Assistance – assess your tools for self-evaluation of PCI DSS compliance. This is a requirement for merchants with less than six million VISA or MasterCard transactions per year or service providers with less than 300,000 transactions per year.
• PCI Compliant Network Penetration Testing – identify potential network and application vulnerabilities that jeopardize cardholder data security.

Tackling Information Technology Risk & Compliance Challenges

For businesses engaged in mergers and acquisitions, information technology risks can derail a deal. When you purchase a company, you own its data - past, present and future, which can have a significant impact on valuation. DHG helps your company identify information technology and data risk associated with a transaction.

Helping You Mitigate Risk

Our goal for each transaction is to arm our clients with the appropriate information to allow them to make important decisions about proceeding, renegotiating, restructuring or withdrawing from a potential transaction. Information technology risk can affect a company’s value in many ways:

To help you manage these risks, our team assesses information technology areas and compliance activities of the target company or acquisition to determine if services and processes are secure, streamlined and efficient and support continuity of operations post transaction.