Compliance
A risk and cost-reducing approach to compliance
Compliance requirements are increasing in complexity and scope faster than many organizations can adapt. Consumer protection and privacy regulations are expanding, buyers are vetting their supply chains more stringently, and boards are increasingly scrutinizing performance against, and adherence to, applicable regulations.
Calvetti Ferguson takes a prioritized approach to helping you achieve compliance, one that reduces the overall cost of meeting and documenting your status. Most required controls are already built into mature IT and security programs, so we help you map the controls in place to those you need to demonstrate. Additionally, not all compliance frameworks or controls are necessary for all organizations, so we help you understand which you need now, which you may need in the future, and which you may be able to avoid. Finally, we recognize that the least costly approach to compliance is to reduce the technology footprint that falls within scope.
Our consultants have experience with the following compliance frameworks (and several more):
- Sarbanes-Oxley (SOX)
- System and Organization Controls (SOC) Type 1 and Type 2
- National Institute of Standards and Technology Special Publication 800-53 (NIST SP 800-53)
- International Organization for Standardization (ISO), including ISO 27001, ISO 29147, ISO 30111
- Health Insurance Portability and Accountability Act (HIPAA)
- Federal Information Security Management Act (FISMA)
- Federal Risk and Authorization Management Program (FedRAMP)
- Federal Information System Controls Audit Manual (FISCAM)
- Defense Federal Acquisition Regulation Supplement (DFARS)
- EU General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
Contact us
Calvetti Ferguson works with companies, private equity firms, and high-net-worth individuals nationwide. Regardless of the complexity of your compliance, assurance, advisory, or accounting needs, our team is ready to help you. Please complete the form below, and we will follow up with you shortly.