Duffy Compliance 2023 Logo
Schedule A Call

Compliance

Our Compliance Application and Services:

Risk and Compliance Assessments

We provide a method to simplify the compliance process of complex regulations into straightforward easy-to- follow questions and answer forms. We include all the supplemental guidance for each safeguard. Our product enables installation and testing of safeguards which are a key features in the total solutions. All the safeguards and protocols that we use are based on Federal recommendations and requirements. The product we use has been audited and accepted by the Office of the Comptroller of the Currency (OCC) and the Federal Financial Institutions Examination Council (FFIEC).

Compliance with HIPAA Security Rule

All HIPAA covered entities must comply with the HIPPA Security Rule. The Security Rule specifically focuses on protecting the confidentiality, integrity, and availability of electronic protected health information (EPHI). These entities include any organization or corporation that directly handles Personal Health Information (PHI) or Personal Health Records (PHR) (See “Covered Entity” under 45 C.F.R. Sec.160.103. If you know this affects you, we have the application to get you into compliance.

Compliance with Protecting CUI

All DOD, GSA, and NASA contractors and subcontractors will begin to see CUI security requirements embedded with the proposals and contracts. Federal information designated as CUI should have the same intrinsic value and potential adverse impact if compromised whether it or not resides in a federal organization. This is the reason behind the requirement to protect CUI. Automation and management of this process is what we are offering.

Compliance with Cybersecurity Framework

Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” established “the Policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.” Even though this is a voluntary Framework, it is considered to be a step closer to improve our Nation’s critical infrastructure.

 

Our Experience is based on NIST Standards:

NIST is responsible for the creation and publication of documents that govern risk assessment and protocols for securing government systems. These protocols are mandatory for use and recommended for financial and medical companies by such regulators as FFIEC and CMS. The protocols are also long, complex, and confusing. Having a trusted source for risk and compliance services can switch Executives from worry about the remediation tasks rather than whether the compliance process was complete. We meet our compliance efforts with the methodology you would expect:

    • HIPAA’s Security Rule compliance is defined in NIST 800-66 rev1 “Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.”

 

    • Protecting DOD Controlled Unclassified Information (CUI) is defined in the NIST 800-171 “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”

 

  • Cybersecurity Framework compliance is defined in the NIST document, “Framework for Improving Critical Infrastructure Cybersecurity”