Our Services

Compliance - an opportunity to improve your processes 

For small businesses, a compliance program always seems like too much. In fact, behind a compliance program there are processes and ways of doing things, and uniform work methods are a differentiating asset for a small company.

SOC 1 - Compliance

A SOC 1 report is an audit of the internal controls that a service organization has put in place to protect customer data, particularly internal controls over financial reporting. SOC 1 is the standard used by American CPAs in a SOC 1 audit to evaluate, test and report on the effectiveness of the service organization's internal controls.

The result? A SOC 1 report that validates the organization's commitment to providing high-quality and secure services to customers.

SOC 2 - Compliance - IT audit - Security

Introduced in 2011, Service Organization Control Reports (SOC 2) are becoming increasingly popular in discussions about data security and compliance.

But what is a SOC 2 report? Which one do you need? Why is a SOC 2 report so important? Do you need it, or is it just something that looks good on paper?

ISO 27001 - certification

ISO - ISO 27001 - ISO 27701 - Compliance

ISO 27001 (formerly known as ISO/IEC 27001:2005) is a framework for an Information Security Management System (ISMS).

An ISMS is a policy and procedural framework that includes all legal, physical and technical controls involved in an organization's information risk management processes.

The new ISO 27701 addresses all GDPR compliance issues. This compliance framework is an extension of the ISO 27001 framework.

GDPR - Privacy - Personal data

The GDPR is a new set of rules designed to give European Union (EU) citizens more control over their data. It aims to simplify the regulatory environment for businesses so that EU citizens and businesses can fully benefit from the digital economy.

The reforms are designed to reflect the world we live in today, and to update laws and obligations across Europe, including those relating to personal data, privacy and consent, for the Internet-connected era. Any company that hosts or uses personal data from EU citizens is subject to the GDPR.

NIST - Security - USA compliance

The National Institute of Standards and Technology (NIST) guidelines provide the standards for recommended security controls in the information systems of U.S. federal agencies.

The U.S. government approves these standards, and companies comply with NIST standards because they include security best-practice controls applicable across a range of industries.

Many private companies doing business with U.S. government agencies, or subcontractors that do business with these agencies, must comply with NIST standards.

HITRUST - Health compliance

HITRUST's Common Security Framework (CSF) is a comprehensive and certified security framework used by health care organizations and their associates to manage regulatory compliance and risk management.

HITRUST unifies the recognized standards and regulatory requirements of NIST, HIPAA/HITECH, ISO 27001, PCI DSS, FTC and COBIT, and can be supplemented with SOC 2 criteria, making it the most widely adopted security framework in the healthcare sector in the United States.