Compliance & Services

Regulatory Compliance

Prepare for Today's Reality of the Distributed Virtual IT Environment

You are responsible for disaster recovery planning at your corporate data center. You have a staff of one. Your job is to properly maintain and test the recovery plans for the mainframe and mid-range computer systems. Occasionally you are invited to provide business recovery consulting to an interested affiliate, but this is rare, because outside the data center the need for business recovery planning is not recognized, not a priority, or not mandated. All of a sudden a directive comes down, and now you are at the center of a requirement to produce a plan that encompasses your organization's entire distributed data infrastructure. Your first reaction is one of elation: your moment has come. But as reality comes into focus, you realize the challenges that you face.

The Reality Check

Today's disaster recovery planning for a LAN/WAN environment is not entirely different from that of a mainframe environment - with a few twists. The fundamental objectives of disaster recovery planning are the same regardless of the technologies and platforms. The primary difference is the complexity created by the distributed computing environment and, therefore, the criticality of many elements that have traditionally been considered immaterial.

First, it is important to admit that not every resource is critical; this applies to hardware, software, and human capital alike. A recovery planner should identify the resources the recovery genuinely depends on and address those first. Because it is impossible to eliminate all impacts of all potential disasters, each organization must decide what level of recoverability is acceptable for its business when weighed against the associated costs. Conventional methods of determining an organization's recovery planning requirements, such as a risk assessment or business impact analysis, remain effective in the LAN/WAN environment, but the process is not as simple as it is for a mainframe.

Second, it is no longer adequate to evaluate the value of an individual system and its data in a vacuum. It is now imperative to consider the role of each individual system component, from host system to network component to individual workstation, in regard to the overall organization.

Finally, the distributed computing environment also has complicated the "Human Factor" of disaster recovery planning. In the past, the critical IT functions could, in the event of a disaster, be performed by a limited number of individuals with specifically defined skills. In a distributed environment with numerous operating systems and protocols, a large number of skills may be required to reestablish and support an organization's computer systems following a loss or failure. Because these skills are likely to be represented by a large number of personnel, possibly dispersed over a large geographical area, the mobilization and coordination of the participants should be specifically addressed within the organization's disaster recovery plan.

Additionally, the migration to LAN/WAN environments has facilitated the transition of traditional IT responsibilities into the user community. Many companies have made users responsible for backing up data residing on their own workstations. Depending on the criticality of the data and processing involved, it may be necessary to incorporate these systems and the corresponding personnel into the LAN/WAN recovery plan. All organizations should implement an awareness and training program to communicate the corporate recovery strategy to users and to educate them on the roles they are expected to perform during a disaster scenario.

Cyber Communication takes a comprehensive approach to business continuity planning, focusing on people, process, procedure, infrastructure, information, and technology. We will evaluate your current operational readiness and develop a baseline of operations from which to move forward. Our team will evaluate each aspect of your organization and assist you in developing and implementing the proper strategies and tools to ensure your continued operational success. Our goal is to evaluate the risks associated with running your business, quantify the potential impact of those risks, and deliver cost-effective solutions that can be maintained and updated throughout the life of your organization.

When that "eye-opening" opportunity presents you with the challenge of developing your organization's disaster recovery or operational recovery plan, look to Cyber Communication to assist your efforts. We will bring in the talent, fill in the gaps, provide suggestions based on best practices, and then train your staff. Best of all is the knowledge that together we have established the ground rules for your organization's survivability and, hopefully, made your challenges a little easier.

The Cyber Methodology

Overview

Cyber Communication's methodology takes a top-down organizational approach. We work with your management team to understand your business and its objectives, with your functional managers to integrate processes and procedures, and with your people to gain the perspective of those "in the trenches". Our research within your organization will allow the formation of a baseline from which to work. That baseline will become the foundation of the continuity effort. Building upon it, Cyber Communication will work with you to define, develop, implement, and maintain your program.

Phase 1 - Define

The Definition Phase is the most important in the continuity planning process. At the forefront of this phase is the acknowledgement of the need for continuity practices within an organization, or for the enhancement of existing ones. The goal of this phase is to give you all of the information you will need to properly develop a sound Business Continuity Program. Organization assets, risk exposure, vital business functions and processes, and the financial impacts of a disruption are all reviewed and compiled into a Business Impact Analysis. This report will be the foundation of all mitigation strategies and will clarify the priority and direction that senior management has established for your specific organization, in your specific market, dealing with your specific stakeholders.

Phase II - Develop

Taking the results of Phase I (Definition), Cyber Communication is now able to work with your organization to develop your internal continuity strategy and external communications plan. This phase brings the continuity effort to the forefront of your organization and its people, integrating all aspects of the enterprise into a focused effort. Based on the adopted strategy, Cyber Communication will lead your efforts to address the most critical issues first. The Development phase builds the continuity program from your existing plans or from the ground up. Team selection, procedural development, command and control, communication, technology, change control, and related elements are integrated and presented with short- and long-term mitigation strategies for use in the event of a disaster.

Phase III - Implementation

Upon completing the Development phase of the continuity program, the Business Continuity planning team must transfer control and maintenance of the program to the enterprise. An organization must devote time to training and education, giving your people an understanding of the program and ensuring that the continuity strategies developed are incorporated into daily activities. The continuity plan is a living plan: it will change and grow with your organization.

Phase IV - Maintenance

Maintaining the plan will be an ongoing process throughout the life of the organization. As your business changes, so will the plan. Integrating the plan into daily activities and holding each functional unit accountable for its contents and procedures is paramount. Cyber Communication will provide you with tools that ensure your organization maintains and updates its plan on an ongoing basis. The Continuity Manager will handle planned exercises, updates, training and education programs, and periodic reviews and revisions of the plan.

The most important aspect of the Continuity Program's success is its ability to function when called upon. Cyber Communication's Business Continuity Methodology will assist your organization in planning for, and actually recovering from, any foreseeable interruption you may encounter. Maintaining your operations and being able to resume after a crisis is critical to due diligence, customer loyalty, market share, and competitiveness. Let Cyber Communication prepare your organization to act in the event of a crisis, train your staff, and gain competitive strength through preparedness.

Financial Compliance

The “new normal” in the financial services industry is a more regulated, more restrictive, and more closely-watched environment than ever before. Managers, executives, and directors are taking new steps to assess best practices, to protect against losses, and to ensure passing scrutiny on all levels.

Cyber Communication's consulting practice consists of both in-house staff members and external strategic partners who represent every corner of the financial world. While no two consulting solutions are identical, we draw upon core areas of expertise to design a unique solution for your financial institution. Cyber Communication helps financial services and other organizations address internal policies and achieve compliance with the key laws, regulations, and guidance that companies need to be aware of, including:

  • National Credit Union Administration (NCUA)
  • Basel Accords II and III
  • Office of the Comptroller of the Currency (OCC) bulletin 2011-12
  • Red Flags Rule
  • Federal Financial Institutions Examination Council (FFIEC) guidance

Cyber’s HIPAA Compliance Program

Our compliance program consists of a multi-discipline and actionable process. As the State of California HIPAA security project manager for two years at the Department of Health Care Services, Jack managed over 27 security projects at one time with full buy-in. Both Jack and Ingela have extensive IT and business backgrounds and are able to apply that experience to your program.

HIPAA Risk Analysis

Conducting a security Risk Analysis and mitigating the security deficiencies it finds is one of the core objectives of Meaningful Use Attestation for Electronic Health Records. Providers that apply for Meaningful Use incentives need a documented, formal security risk analysis of the EHR system.

Top expertise and tools to complete your risk analysis.

Based on our extensive experience in risk analysis, Cyber Communication experts have developed risk analysis methodologies to help you meet the Meaningful Use criteria and qualify for incentives.

  • Complete a rigorous NIST-based Risk Analysis
  • Analyze an unlimited number of Information Assets
  • Identify and prioritize all risks
  • Easily manage hundreds of threat-vulnerability pairs
  • Maintain vigilance with dynamic SaaS solutions
  • Stay current with ongoing controls and updates
  • Facilitate informed decision making

HIPAA Security Assessment

A complete and thorough HIPAA Security Rule assessment using a tested, risk-based methodology to identify the greatest risks and prioritize remediation as resources become available.

  • Build and execute your remediation plan
  • Create executive dashboard
  • Empower cross-functional team
  • Build living, breathing compliance strategies that withstand the scrutiny of auditors
  • Store and manage all HIPAA Security documents – both electronic and paper
  • Updated with all Omnibus Final Rule changes

HIPAA Privacy Assessment

  • Create executive dashboard
  • Build and execute your remediation plan
  • Empower cross-functional team
  • Build living, breathing compliance strategies that withstand the scrutiny of auditors
  • Store and manage all HIPAA Privacy documents – both electronic and paper
  • Updated with all Omnibus final rule changes

Gap Analysis

The objective of the gap analysis is to gain a complete understanding of where you stand today with regard to the relevant risk management frameworks (PCI, HIPAA, ISO, NIST, ITIL, NFPA, FERC, etc.) in order to identify the additional actions necessary to conform to standards or to comply with regulatory requirements. Let Cyber Communication provide you with a risk-based roadmap, customized to your enterprise and available resources, of 'reasonable and appropriate' implementation actions.

Our privacy and security consultants provide our clients with a comprehensive review of how the organization handles risk.

Examining how well an organization is handling risk is inherently subjective, because the organization must relate qualitative and quantitative values to some measurement standard that can be applied consistently across the organization. Today's enterprises must judge risk impact and risk controls in a common unit of measure. Cyber Communication's methodology stratifies these risks and safeguards in terms used within your own organization, so that scarce resources can be allocated through a comprehensive implementation plan that has consistently withstood the scrutiny of regulators and third-party auditors.

Project Management

With so many changes going on today, complexities and uncertainties compound the difficulties of planning for tomorrow. Management must make basic assumptions about Information Technology decisions that carry greater ramifications, with less and less complete information. How can you accommodate higher expectations with a shrinking budget? How do you deal with failures within an ever-decreasing recovery window?

Changes in the marketplace create issues for management such as:

  • Increasing expectations in an environment overrun with regulations
  • Wireless and mobile access requirements
  • Call Center reliance and Data/Voice convergence
  • eBusiness and how it's shortened the business cycle and has increased customer reliance on IT processes

Tighter scrutiny - Organizations must protect the privacy of their users; accounts and personal data have become sacrosanct. Outsourcing to third-party partners and Application Service Providers (ASPs) is growing in appeal because organizations are transferring risk and gaining efficiencies, but this business model brings new threats and vulnerabilities with it. Guidelines and policies from the FFIEC (Federal Financial Institutions Examination Council) have a direct impact on the audits and examinations that financial institutions must abide by. The GLBA (Gramm-Leach-Bliley Act) requires a higher level of security and assurance for the confidentiality of customer data. The NCUA (National Credit Union Administration) has developed guidelines under which credit unions must develop contingency plans for ALL critical resources. HIPAA (Health Insurance Portability and Accountability Act) has far-reaching implications well beyond the obvious health organizations, and it outlines due diligence requirements.

Cyber Communication's expertise extends across all management, telecom, and IT disciplines, offering strategic development through market research and analysis, management consulting, quality assurance, and project management.

Our PMP-certified consultants are industry experts in the fields of Security, Business Continuity, Disaster Recovery Planning, Telecom, Systems Integration, Communications, and Information Technology. As an independent consultancy, we offer truly objective advice and assistance to our clients. Cyber Communication has expertise in the associated fields of system selection and evaluation, strategy development and execution, process improvement and optimization, change management, revenue assurance, quality assurance, project management, and research and analysis.

Compliance - Cyber Communication Inc.

Regulated enterprises have to balance the requirements of regulation with the realities of business. Let Cyber Communication's experienced team provide you with the tools and knowledge to navigate the regulatory landscape with practical, cost-effective solutions.