As a business owner, you understand that being compliant means running your business under the state and/or federal guidelines that apply to your industry. Many industries run into several different compliance requirements, but the basic concept of being compliant is the same. Essentially, it’s ensuring your company follows identified rules, laws or best practices. It includes safely managing the information your company obtains from employees or customers, and also creating and following a strict internal policy that adheres to regulations.
While there are general laws that can apply to most businesses, such as Franchise tax or Fair Labor Standards Act (FLSA), there are additional compliance requirements for specific industries, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for health-care organizations or the Payment Card Industry Data Security Standard (PCI-DSS) for retail or restaurant businesses. According to Online Tech, HIPAA compliance also applies to “anyone who provides treatment, payment and operations in healthcare, and business associates (BA), anyone with access to patient information and provides support in treatment, payment or operations. Subcontractors, or business associates of business associates, must also be in compliance.”
Most importantly, the core of these compliance requirements is centered on how your network and IT systems are set up and managed on a day-to-day basis. Having a seasoned managed service provider (MSP) handle this can make or break your ability to be compliant.
We’ve compiled this general compliance checklist to help you get started.
- Facility access control. If applicable, set up a policy for which employees have access to certain facilities or locations. This is especially important for federal contractors who may be working with sensitive information.
- Technical safeguard setup. Make sure you have access controls in place that protect company data. Not every employee should have access to the same programs, data or servers. This might include automatic log off and unique user IDs. Additionally, set up restrictions for public access.
- Password policy. Securing your company’s employee passwords will protect your internal data from being accessed by an outside source. Set up a policy that covers password length, required character types, frequency of changes, and locking out users after a certain number of failed login attempts.
- Regular security updates to software and programs. This is important for protecting your network from hackers, and it also keeps you in line with many compliance requirements.
- Safeguards from viruses, malware and ransomware. This includes educating your employees on the current threats and setting up email filters to weed out potential spam.
- Media removal policy. Create a policy for media removal explaining how, when and why any media is removed from the company’s servers.
- Disaster recovery plan and backups. Have a plan in place in the event of a data breach or network issue. Keeping an offsite backup that’s regularly updated will help you recover data quickly and keep your business running.
- Hardware and software audits. Perform regular audits and reviews to keep records of activity related to hardware or software.
- Encrypted data. This specifically applies to PCI and HIPAA. Make sure your patient/customer information is encrypted. In the event of a hack, this will make it more difficult for their personal information to end up in the wrong hands.
- Risk assessment. Look at your current network to identify and fix potential risks. Compile the information into a detailed report that your team can review. This information will further assist you in implementing compliant systems, like HIPAA. Valeo Networks offers a free one-hour on-site assessment of Network Infrastructure.
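The password-policy item above lists the rules an auditor typically looks for (minimum length, character types, maximum password age, and lockout after repeated failed logins). The following is an added example, written for this article and not Valeo Networks' own tooling, that turns those rules into checks a login system could run. The threshold values (12 characters, three character classes, 90 days, five failed attempts) and the user ID `jsmith` are assumptions chosen for the illustration; substitute the values your regulation or auditor requires.

```python
"""Added example: a minimal password-policy and account-lockout checker.

Illustrative code written for this article, not the MSP's own product.
The policy parameters below are assumptions, not values from the article.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed policy parameters (choose the values your compliance regime requires).
MIN_LENGTH = 12
MIN_CHARACTER_CLASSES = 3   # out of: lowercase, uppercase, digit, symbol
MAX_PASSWORD_AGE = timedelta(days=90)
MAX_FAILED_LOGINS = 5


def password_violations(password: str) -> list[str]:
    """Return the policy rules a candidate password breaks.

    An empty list means the password satisfies the length and
    character-class rules; callers should reject any non-empty result.
    """
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),   # symbols / punctuation
    ])
    if classes < MIN_CHARACTER_CLASSES:
        violations.append(
            f"uses {classes} character classes, policy needs {MIN_CHARACTER_CLASSES}"
        )
    return violations


def password_expired(last_changed: datetime, now: datetime) -> bool:
    """True when the password is older than the policy's maximum age."""
    return now - last_changed > MAX_PASSWORD_AGE


@dataclass
class LockoutTracker:
    """Counts failed logins per user ID and locks the account at the threshold.

    record_failure() returns True once the account is locked. A successful
    login resets the failure counter; an administrator clears a lock with
    unlock(). Locked accounts stay locked until unlock() is called.
    """
    failures: dict[str, int] = field(default_factory=dict)
    locked: set[str] = field(default_factory=set)

    def is_locked(self, user: str) -> bool:
        return user in self.locked

    def record_failure(self, user: str) -> bool:
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILED_LOGINS:
            self.locked.add(user)
        return self.is_locked(user)

    def record_success(self, user: str) -> None:
        # A successful login on an unlocked account resets the counter.
        self.failures.pop(user, None)

    def unlock(self, user: str) -> None:
        self.locked.discard(user)
        self.failures.pop(user, None)


if __name__ == "__main__":
    # Constructed sample values for a quick demonstration.
    for candidate in ["password", "Tr0ub4dor&3xtraLong", "alllowercaseletters"]:
        print(f"{candidate!r}: {password_violations(candidate) or 'ok'}")
    tracker = LockoutTracker()
    locked = False
    for _ in range(MAX_FAILED_LOGINS):
        locked = tracker.record_failure("jsmith")   # assumed user ID
    print("jsmith locked after repeated failures:", locked)
    print("90-day age check:", password_expired(datetime(2024, 1, 1), datetime(2024, 6, 1)))
```

The lockout tracker keeps state in memory only; in a real deployment the counters would live wherever the login service persists session data, and the unlock path should itself be logged so the audit item further up the checklist has a record of who cleared the lock and when.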
Hiring a managed service provider (MSP) that is familiar with your particular industry’s compliance guidelines will guarantee your business meets requirements. Valeo Networks offers support for everything listed above and specializes in HIPAA and PCI-DSS compliance. Contact us to learn more!