At MIRTECHNOLOGI, we deliver implementation and auditing of globally practiced security and privacy standards through certified professionals. We can assist your organization in achieving and maintaining full compliance by following the relevant rules, guidelines, and benchmarks.
- ISO 27001: The international standard for establishing, operating, and continually improving an Information Security Management System (ISMS) according to global best practices. It applies to all organizations irrespective of their size or sector.
- SOC-2: A report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, and Privacy.
For your organization, SOC-2 reports serve stakeholders who need detailed information and independent assurance about the controls relevant to the security, availability, and processing integrity (and, where in scope, confidentiality and privacy) of the systems you operate. These reports provide assurance over the following:
- Active organizational and regulatory oversight of the organization
- A vendor management program
- A corporate governance framework and risk management regime
- NIST Cybersecurity Framework: The Framework uses business drivers to guide cybersecurity activities and treats cybersecurity risk as part of an organization's overall risk management process. It focuses on the following:
- The Framework helps the organization align its cybersecurity activities with its business requirements, risk tolerances, and resources.
- It provides a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk.
- Industrial Automation and Control Systems (IEC 62443): ISA/IEC 62443 is a series of standards that provides a flexible framework for addressing and mitigating security vulnerabilities in Industrial Automation and Control Systems (IACSs). Within the series, the technical security requirements for IACS components (IEC 62443-4-2) specify the cybersecurity requirements for the components that make up an IACS, specifically embedded devices, network components, host components, and software applications.
- GDPR - General Data Protection Regulation (EU) 2016/679 Compliance: The European Union's regulation on data protection and privacy. GDPR's main purpose is to give individuals (data subjects) control over their personal data. It applies to virtually every organization that offers goods or services to individuals in the EU or processes their personal data, regardless of where the organization itself is located.
- CCPA - California Consumer Privacy Act 2018: A law passed by the State of California in response to the growing role of personal data in modern business practices and the privacy implications of collecting, using, and protecting consumers' personal information.
- HIPAA - Health Insurance Portability and Accountability Act of 1996: A United States law that mandates safeguards for the privacy and security of medical information. The HIPAA Privacy and Security Rules protect Protected Health Information (PHI) and Electronic Protected Health Information (ePHI) held or transmitted by a covered entity or business associate.
- HITRUST - Health Information Trust Alliance: The HITRUST framework harmonizes requirements from multiple standards and regulations (including HIPAA, ISO 27001, and NIST) into a single, certifiable set of controls, allowing an organization to assemble and maintain the components of its risk management and compliance programs in one place.