Compliance

Financial Institutions Compliance
REDW’s expert team will analyze and evaluate your organization’s governance of its IT systems and risk management and assessment processes (aka Governance, Risk, and Compliance). We will review previous IT audits and validate implementation of the recommended procedures. Other audit procedures include:
  • Analyze and evaluate the organization and structure of the IT Department (including job descriptions) and review operating policies and procedures.
  • Analyze and evaluate user access controls and access levels, and review end-user IT policies.
  • Review network and data security for compliance with GLBA, and review all network documentation, including network diagrams, hardware and software inventories, and firewall and router configurations.
  • Analyze and evaluate backup and restore procedures, anti-malware procedures and updates, and change management policies and procedures, including system updates.
  • Analyze and evaluate the management, administration, and security of Internet Banking services.
  • Analyze and evaluate network intrusion response plans and intrusion detection processes.
  • Analyze and evaluate the policies and procedures related to processing of electronic funds transfers and ACH transactions.

HIPAA/HITECH Compliance

REDW currently provides IT assessment services to a substantial number of healthcare entities, including work with hospitals, community health centers, nursing homes, and physician practices. Our HIPAA/HITECH security and compliance assessment includes the following procedures:
  • Analyze and evaluate the organization’s governance of its IT system, overall risk management and risk assessment processes, and IT policies and procedures.
  • Perform a gap analysis between your organization’s security controls and the controls required to be in compliance with the HIPAA Security Rule and the HITECH Act.
  • Analyze all network documentation, including network diagrams, hardware and software inventories, firewalls, and routers.
  • Assess physical and logical security of the systems, backup and restore procedures, antivirus and anti-spyware procedures and updates.
  • Analyze and evaluate network intrusion response plans and intrusion detection processes.

Our experts are frequently asked to present and teach HIPAA/HITECH security requirements related to hospitals, physician groups, and other healthcare-related organizations.

Sarbanes-Oxley Compliance
REDW can assist your compliance program in a variety of ways to help you meet upcoming Sarbanes-Oxley compliance deadlines. Our services are provided to public and private companies, nonprofit and government clients and can include:
  • Serve as project manager and develop approach, action plans, timelines and deliverables.
  • Evaluate risk mitigation and internal control adequacy and recommend improvement plans.
  • Provide ongoing monitoring of internal control framework and testing.

Our Sarbanes-Oxley compliance services consultants work closely with internal and external auditors to coordinate needs and minimize the cost of compliance. Our trained professionals will keep you up to date with current regulations, practice standards, and training programs to ensure that there is a paramount level of compliance and professionalism in your business dealings.