RISK & SECURITY
GRAYCPA provides a suite of risk and security assessments covering cybersecurity, cloud security, privacy, healthcare, and government requirements (FedRAMP, FISMA, and the NIST frameworks).
NETWORK SECURITY ASSESSMENTS
Network Vulnerability Assessments
Network Penetration Testing
Application Penetration Testing
HIPAA Compliance (AT101)
Businesses that help covered entities carry out healthcare activities and functions (business associates) are required to comply with the HIPAA rules that protect the privacy and security of protected health information. GRAYCPA assesses the written contracts and other arrangements that establish your HIPAA obligations, helping you demonstrate compliance and give your health care entity customers confidence in your controls.
GRAYCPA can assist clients in meeting HIPAA requirements, including the required risk assessment and the analysis of any identified compliance gaps. We can also integrate HIPAA requirements into a SOC 2+ report if required.
Domestic, cross-border and foreign obligations are included in our privacy attestation services.
As massive amounts of personal data are created, stored, and transferred, adherence to privacy laws and standards is more challenging and more imperative than ever before. The team at GRAYCPA provides privacy attestation services to help your business comply with required international, sector, and state privacy laws while maintaining a reputation for professionalism and strict security protocols.
INTERNATIONAL PRIVACY LAW
The scope and strictness of privacy laws vary from country to country. If your business serves customers outside of your home country or region, you may be required to comply with laws such as the European Union's General Data Protection Regulation (GDPR) or Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). Be aware that foreign privacy principles can differ substantially from, or even conflict with, those of your home jurisdiction.
US SECTORAL PRIVACY LAW
The US regulates privacy with a sectoral approach, using laws that apply only to specific industries. These include the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Family Educational Rights and Privacy Act (FERPA), and the Children's Online Privacy Protection Act (COPPA). Your IT products and/or services may be required to adhere to one or more of these regulations, which typically means maintaining comprehensive policies and procedures to demonstrate compliance.
STATE PRIVACY LAW
Nearly every US state now has privacy legislation of some form, and these state laws can be broader and stricter than the federal laws. The resulting business and legal obligations can be driven by statute or by common law, which makes compliance difficult to scope and maintain.
Our team can assist in assessing your compliance with privacy laws and standards.
Preparing for privacy frameworks such as GDPR or GLBA begins with a Readiness Assessment: a formal review of your existing data privacy and security policies, procedures, and technologies against the framework's requirements. The assessment identifies potential compliance gaps that need remediation. At completion, an internal-use-only report is issued with the assessment's results and any design deficiencies identified.
GRAYCPA's attestation services are conducted in accordance with AICPA standards and provide an independent assessment of the design of your business's data privacy and security programs and their compliance with privacy laws and standards. The attestation report can then be provided to your clients, or to users of your products and services, to demonstrate adherence to strict privacy compliance standards.
After conducting our third-party assessment, GRAYCPA can provide your business with a report that demonstrates your compliance with HIPAA and HITECH requirements.