Managed Compliance Services

Get a free Compliance Assessment

What is it?

Managed Compliance Services (MCS) are a suite of capabilities and services designed to bring your organization into compliance and then maintain that compliance standard. V2 Systems’ approach follows these five functions:

Identify

Perform a gap analysis on your information systems, corporate policies, and standard operating procedures relative to the compliance standard. This process identifies your vulnerabilities and offers recommendations that allow business leaders to assess real business risk and budgets.

Protect

Establish a library of policies, procedures and system configurations that safeguard your critical services and data. This is accomplished through a combination of training, identity management, information technology governance and mobile device management. Examples of services would be Microsoft Intune, AWS GovCloud IAM, and Azure Active Directory.

Detect

Implement services that can analyze critical system activity and alert stakeholders to review and take action if required. Examples of services that can accomplish this would be SentinelOne Complete, Azure Sentinel, Splunk Enterprise and AWS GovCloud CloudTrail/CloudWatch.

Respond

Create procedures and organizational roles, and implement automated systems intended to take action during a cybersecurity incident. Establishing an incident response plan, installing Endpoint Detection and Response (EDR) tools (e.g. SentinelOne Complete) and leveraging a Security Operations Center (SOC) will provide you with the response capabilities you need.

Recover

Establish services and procedures that ensure your critical services and data may be restored or supplemented during a cybersecurity incident. Assessing the risk and impact of service outages and documenting the recovery procedures allows you to maintain continuity through incidents.

Once these five functions are established, your organization is transitioned into Managed IT Services, where the ongoing review and upkeep of these functions is provided. This allows you to maintain compliance and free up internal resources to stay focused on your core business.

Who is it for?

Organizations in regulated industries such as Department of Defense (DoD) contractors, healthcare and financial services all have some compliance requirements based on standards: NIST SP 800-171, CMMC, ITAR, HIPAA, PCI, and GLBA are just a few examples.

Benefits

Leveraging Managed Compliance Services allows your organization to focus on its core business. Assessing, mitigating and maintaining compliance with these standards requires significant effort. V2 Systems has the knowledge, experience, tools, and services to provide every aspect required by these standards. Our offering is customizable and can be used in whole or in part to augment your information technology team.

Compliance Standards

NIST SP 800-171

NIST SP 800-171 is a publication that specifies the requirements for protecting Controlled Unclassified Information (CUI). United States Department of Defense (DoD) contractors must implement these requirements to demonstrate adequate security to protect the covered defense information included in their defense contracts, as required by DFARS clause 252.204-7012.

CMMC

CMMC (Cybersecurity Maturity Model Certification) is a suite of compliance levels rooted in NIST SP 800-171. The CMMC compliance level that a DoD contractor will have to meet depends on the contract requirements for handling Federal Contract Information (FCI) and CUI. CMMC is still in an interim period and is expected to become a requirement on DoD contracts in Q1 of 2024.

ITAR

The International Traffic in Arms Regulations (ITAR) is the United States regulation that controls the manufacture, sale, and distribution of defense and space-related products and services. ITAR mandates that access to physical materials or technical data related to defense and military technologies is restricted to US citizens only.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law that requires organizations to protect sensitive health information from being disclosed without consent or knowledge. HIPAA specifies that individually identifiable health information an organization receives, maintains, or transmits in electronic form must be protected.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that apply to all companies that process, store, or transmit credit card information. The intent is to ensure that credit card information is secured based on an organization’s volume of transactional usage.

GLBA

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.

Happy to help!

Call us at 703.962.4508 or fill out the quick form below and we’ll hit you back right away.

Concentrate on your vision ... We'll handle the technology.