Compliance

Every organization has its own unique security needs when it comes to delivering sensitive information — from complying with privacy and data protection regulations such as the U.S.-based HIPAA, SOX, PCI, GLBA and FISMA requirements to meeting the security demands of partners, suppliers and customers.

Blue Karma Security is the expert in recommending the best in class solutions to help you comply and protect you against these costly violations.

FFIEC

The Federal Financial Institutions Examination Council (FFIEC) is a formal U.S. government interagency body that includes five banking regulators—the Federal Reserve Board of Governors (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB). It is […]

HIPAA

HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996.  HIPAA does the following: The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when […]

SOX

The Sarbanes-Oxley Act (SOX) was enacted in 2002 to hold publicly traded companies accountable with internal checks/balances and procedures to reduce the possibility of corporate fraud. For a company to be SOX compliant all business records, including electronic records and electronic messages, must be saved for “not less than five years.

PCI-DSS

The Payment Card Industry Security Standards Council, or PCI SSC – often termed simply “the Council” – is an open global forum, launched in 2006, that develops, maintains and manages the PCI Security Standards, which include the Data Security Standard (DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) Requirements. Our standards […]

FISMA

FISMA is a US federal law enacted in 2002 as Title III of the E-Government Act of 2002. The act incorporates the need for federal information security to continuous economic prosperity and national security. The act mandates that all federal agencies develop, document, and implement an agency-wide program to secure the information and information systems […]

GLBA & FFIEC

The Gramm-Leach-Bliley Act (GLBA) was established in 1999 and includes the Financial Privacy Rule which governs the collection and disclosure of customers’ personal financial information by financial institutions. This rule also applies to companies that may not be financial institutions, but receive the same customer information. Whether a financial institution discloses nonpublic information or not, […]

NERC

The North American Electric Reliability Corporation (NERC) is a nonprofit corporation based in Atlanta, Georgia, and formed on March 28, 2006, as the successor to the National Electric Reliability Council (also known as NERC). The original NERC was formed on June 1, 1968, by the electric utility industry to promote the reliability and adequacy of […]