For any organization which accepts or
otherwise deals with credit cards, compliance
with the Payment Card Industry (PCI)
Data Security Standard (DSS)
is mandatory. Although consisting of a number
of fairly reasonable security requirements,
this standard is nonetheless onerous, no
matter the size of the company. Our
consultants have extensive experience in
preparing organizations for PCI compliance.
This includes preparatory audits to assess the
level of compliance and highlight any
shortcomings (gap analysis).
CANADIAN FIPPA/FOIPOP, PIPEDA, PIPA
These are Canadian privacy laws. FIPPA/FOIPOP
represents the Freedom of Information and
Protection of Privacy Acts of the various
provinces (Alberta, British Columbia, etc.).
This legislation applies, inter alia, to
personal information held by provincial
government and associated entities.
PIPEDA (Personal Information Protection and
Electronic Documents Act) is the federal
privacy act and PIPA (Personal Information
Protection Act) (Alberta, British Columbia)
relate to personal information held by
non-government entities.
We also offer a 1-2 day workshop on Canadian
privacy issues.
SOX AND BILL 198 (CSOX)
Our consultants are able to assist companies
in their SOX (Bill 198) compliance efforts,
and have extensive experience in this area.
OTHER COMPLIANCE
We are able to assist clients with compliance
with other security legislation and compliance
requirements, such as breach disclosure laws
(an example is California's SB 1386), FSA (UK
Financial Services Authority) Guidelines, etc.
We use COBIT (Control OBjectives for
Information and related Technology) and ISO
17799 (and its derivatives) extensively in our
audit assessments.
DISCLAIMER: We are not lawyers. For competent
legal advice, please refer to your legal
team or outside counsel.
Ten years of service excellence - 1998-2008.