Computer, Network and Information Security Consulting Services

Compliance Consulting

Polar Cove's Legislation and Regulation Compliance Audit satisfies the testing and risk assessment requirements for personal data protection and information security for a variety of legislation (listed below). Polar Cove applies a standard auditing methodology, called the Open Source Security Testing Methodology, which represents a comprehensive set of rules and guidelines for security auditing and testing, from the outside of an organization to the inside.


Compliance Audit Includes:

  • United States of America

    USA Government Information Security Reform Act of 2000 Section 3534(a)(1)(A)
    Health Insurance Portability and Accountability Act of 1996 (HIPAA).
    OCR HIPAA Privacy TA 164.502E.001, Business Associates [45 CFR §§ 160.103, 164.502(e), 164.514(e)]
    OCR HIPAA Privacy TA 164.514E.001, Health-Related Communications and Marketing [45 CFR §§ 164.501, 164.514(e)]
    OCR HIPAA Privacy TA 164.502B.001, Minimum Necessary [45 CFR §§ 164.502(b), 164.514(d)]
    OCR HIPAA Privacy TA 164.501.002, Payment [45 CFR 164.501]
  • Canada
    Provincial Law of Quebec, Canada Act Respecting the Protection of Personal Information in the Private Sector (1993).
  • United Kingdom

    UK Data Protection Act 1998

  • Australia

    Privacy Act Amendments of Australia, Act No. 119 of 1988 as amended, prepared on 2 August 2001 incorporating amendments up to Act No. 55 of 2001. The Privacy Act 1988 (Cth) (The Privacy Act) seeks to balance individual privacy with the public interest in law enforcement and regulatory objectives of government.
    National Privacy Principle (NPP) 6 provides an individual with a right of access to information held about them by an organization.
    National Privacy Principle (NPP) 4.1 provides that an organization must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorized access, modification or disclosure.

IS 17799-2000 (BS 7799)

Polar Cove's Compliance Audit fully complies with all of the remote auditing and testing requirements of BS 7799 (and its international equivalent, ISO 17799) for information and security testing.

GAO and FISCAM

Polar Cove's Compliance Audit is fully in compliance with the control activities found in the US General Accounting Office's (GAO) Federal Information System Control Audit Manual (FISCAM) where they apply to network security.

CASPR

Polar Cove's Compliance Audit is in full compliance with the best practices and guidelines set forth by document control and peer review from the members of the Commonly Accepted Security Practices and Recommendations (CASPR), for which this manual will fulfill a Best Practices need for Security Testing in Internet Security.

OWASP

Polar Cove's Compliance Audit is in full compliance with the remote security testing and auditing of web applications as per the Open Web Application Security Project (OWASP).

SET

Polar Cove's Compliance Audit fully incorporates the remote auditing test from the SET Secure Electronic Transaction™ Compliance Testing Policies and Procedures, Version 4.1, February 22, 2000.

 


© 2006     Polar Cove