IT Risk, Data Privacy & Security
IT Risk Solutions that help you build trust with your clients and partners
The foundation of a sound information technology strategy begins with having proper governance in place.
Without an established set of objectives, performance targets, and policies that your employees, third parties, and stakeholders adhere to, it’s impossible to manage risk levels for implementing and managing technology, especially in the event of a system outage or malicious attack.
Today, your boards, clients, vendors, and insurers all have expectations of proper governance over your technology stack. Bringing in a trusted advisor to assess and craft a strategic improvement program is essential to implementing and maintaining meaningful IT practices.
Keep Pace with Evolving Compliance Standards
Our firm’s long history in providing audit and tax services makes us naturally focused on risk and compliance. The team of Risk and Compliance Services (RCS) professionals are highly versed in creating IT governance standards specific to your organization’s industry.
Using proprietary software and tools, we help you develop and maintain IT governance protocols to meet the highest levels of compliance and keep pace with evolving regulations each year.
Create Room for Growth by Reducing Risk
Today, security threats come at you from every angle, crack, data point, and weak link. How well you prepare is an indication of how well you can mitigate future risks. Our experienced team of IT risk specialists can help you find even the smallest gaps while guiding you to continually help your organization follow the established risk protocols.
The following is a listing of cyber risk and data privacy areas that our IT risk professionals specialize in:
- NIST 800-53, 800-171, and the NIST Cybersecurity Framework
- Data Privacy and Data Governance
- HITRUST
- PCI Compliance
- ISO Compliance
- COBIT and SEC Cyber Reporting Requirements
- IT Governance and IT Risk Assessments
- IT Audit Co-sourcing Services
- CIS Critical Security Controls
- Third Party Risk Management and Vendor Security
- CMMC
Data Privacy & Security
Personal information is valuable, and regulations, such as the California Consumer Privacy Act (“CCPA”) and the EU’s General Data Protection Regulation (“GDPR”), increase the demand that this type of data be handled according to certain standards and that organizations accept ownership of how they collect, use, and transmit the information of individuals. Our team manages an inventory of personal information in your environment and identifies how your current process involves collection, use, sales, and sharing of that information. After identifying gaps between existing processes and applicable regulatory requirements, we help you develop and monitor your privacy compliance program and provide ongoing privacy program management.
Listing of Data Security and Data Privacy Regulations our Team / Firm have experience with:
- EU/UK General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
- Virginia Consumer Data Protection Act (CDPA)
- China Personal Information Protection Law (PIPL)
- Canada Personal Information Protection and Electronic Documents Act (PIPEDA)
- Brazil General Personal Data Protection Law (LGPD)
- Family Educational Rights and Privacy Act (FERPA)
- Children's Online Privacy Protection Act (COPPA)
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act (HIPAA): Security, Privacy, Breach Notification Rulings
- NY Shield and NY DFS
- National Security Presidential Memorandum – 33 (NSPM-33)
- Texas Administrative Code 202 (TAC-202)
Risk & Compliance Insights
Curated content related to current risk and compliance issues and how we can help provide guidance.
What's on Your Mind?
Paul Douglas
Paul Douglas is a Partner in the firm and has more than 15 years of experience. Paul primarily focuses on IT risk advisory, data privacy and security strategies, and IT compliance.
Start a conversation with Paul