What is it?
For many highly regulated industries, such as the medical or financial sectors, to name only a few, compliance with regulatory and industry best-practice frameworks is a must. More and more businesses are realizing that they need to be compliant themselves, and many also require their third-party business partners and vendors to be compliant. Compliance with security frameworks such as the NIST CSF or ISO 27001 can be very confusing for a small or midsize business. Add more specific requirements and standards such as HIPAA and PCI DSS, and the process of navigating them can be frustrating.
I can help you navigate these compliance efforts. Some things to keep in mind regarding compliance:
Your company may not need to be compliant with every single item contained in these frameworks, standards, and regulatory requirements.
Full “certification” against some of these may be overkill and unnecessary for many small and midsize firms.
Many times, smaller firms can be “self-regulated” and don’t require pricey third-party assessors to attest that they are compliant.
It is possible that adherence to a single best-practice framework may be all you need to satisfy multiple regulatory requirements at once.