This is a huge subject which can be intimidating in scope and is defined by external authorities such as the SEC and FINRA. It is often difficult to discern the specific meaning of each recommendation and the execution required to meet them all while keeping them in balance.
One firm we highly recommend is Regulatory Compliance Solutions Inc., which has always provided financial services firms with sage advice. They also hold annual workshops on compliance and reading the SEC crystal ball.
While we are happy to refer your firm to compliance experts like RCSI, we also take an active interest in these regulations as they often present very reasonable recommendations that should be incorporated in your business planning.
At Humble Monkey, we can configure, implement and audit IT policy in order to ensure our clients are protected against security threats and are compliant with critical data protection regulations. We have a great deal of experience in this area, and can recommend necessary and appropriate policies for your organization so that you can continue running your business with complete peace of mind that IT security and compliance are in order.
Restrictive policies might solve most problems, but we believe people can reasonably expect technology to be meaningfully useful to them. What’s the use of an environment where it is difficult to get things done? “Where’s the balance?” is often the question. The second question is often, “How will an audit interpret our efforts?”
We try to base our recommendations on best practices in technology but also incorporate how your staff need to work in reality.
Any effort needs to focus on the full range of your business. What do you do, what does the data on your network represent, which firms do you interact with, and what other elements allow us to define value and therefore determine risk?
We look at the external environment, connectivity from outside, the internal network and the content of information secured on your network. User policies can dictate file access while global settings can address procedures for passwords, screen lockouts, specific network access and more.
Compliance is made up of internal controls as well as specific requirements of the Sarbanes-Oxley Act, including network security, data retention, IT policies, and auditability of those policies. We have worked with many clients and independent compliance experts in order to satisfy government requirements. It is important to understand that any effort has to be part of a comprehensive whole in order to be effective. This ranges from the “onboarding” policies for new staff to the security of phone systems.
The paramount element, however, is your people and their education with respect to cyber security, not just in the office but in their own lives as well.
Our process starts with a discussion with each client to agree on the objectives to be accomplished. We will get to know your business in great detail in order to ensure that all of your requirements are fulfilled and that you fully understand the regulatory requirements your IT department should have in place.
No matter what your security and compliance needs are, our team can provide you with the expertise and solutions necessary to address these crucial questions effectively and in a timely manner.