Mobile apps, web applications, DevOps
Maintain a secure environment for accepting, processing, storing and transmitting credit card information so you can meet PCI compliance and avoid costly penalties.
At the beginning of a client engagement, we use a PCI responsibility matrix to confirm the owner of each type of security and clearly identify rules for development teams working within the DevOps environment. We also employ a least-privilege approach with developers and resources used with our applications to keep duties and roles separate as much as possible.
Recent Project: Preparing for a Successful Audit
After experiencing compliance issues that resulted in significant penalties, a bank client was referred to our team by their third-party auditor for help with its existing credit card projects and new initiatives. The company brought Five Talent on board to evaluate and resolve PCI issues in advance of its next audit. Our team improved the client’s DevOps publishing process, architecture, and operations. We also provided thorough documentation for its upcoming audit.
Mobile apps, web applications
As the market for mobile health grows, so do opportunities for leveraging technologies that streamline your operations, drive down costs and improve profitability.
We develop mobile and web solutions for healthcare companies that meet HIPAA’s data privacy and security provisions for safeguarding personal health information (PHI). Our expertise includes HL7 file formats and documentation with compendiums for the transfer of medical information from healthcare facilities to third-party patient portals and providers. In addition, we utilize data security techniques such as data encryption and anonymization to protect sensitive information.
Recent Projects: Protecting PHI Data
We recently wrote several mobile apps for healthcare clients for use in their surgical rooms. In each instance, our team implemented process security measures for isolating surgical data from multi-tenant environments and encrypted data at rest and in transit to secure the information. We also used obfuscation and anonymization for all backups and sensitive data in case it needs to be retrieved again.
Sarbanes-Oxley (SOX)
Mobile apps, web applications, DevOps
As a public company, meeting the strict mandates of SOX requires a rigorous approach to your operational security.
We consult with public clients to educate and build SOX-compliant DevOps departments that can deliver software applications following best practices from concept to production. As an augmentation of your development efforts, our team has in-depth experience meeting the regulatory requirements for SOX.
Recent Project: Establishing SOX-Compliant DevOps
A public real estate client engaged us to audit and review its in-house DevOps department as well as educate its development team on SOX-compliant practices. We acted as their full development team, augmenting their operations, finance and marketing departments. We also participated in their SOX compliance process and met all DevOps best practices to help them meet compliance in their engineering department.
GDPR & PIPEDA
Mobile apps, web applications, DevOps, IoT
Whether you have established international markets or plan to expand your operations, data privacy needs to be a top priority for companies with European and Canadian customers.
We help you navigate new rules for collecting and using personally identifiable information (PII) by providing advice and education about how to handle security breaches and create transparency for collecting, storing, and safeguarding personal data.
Recent Projects: Understanding Complex Rules for Data Privacy
Our team has worked with numerous clients to build checklists for GDPR and PIPEDA compliance. This has included outlining clear strategies for getting explicit, informed consent from users to collect personal data; updating terms and conditions and user licensing agreements; creating a plan of action in the event of a data security breach; and updating vendor agreements as a cross-departmental effort to ensure that Cloud Service Providers (CSPs) are following new requirements.
Web Applications, IT Infrastructure
Protecting criminal justice information (CJI) requires processes and documentation that prevent security breaches and ensure data can stand up to legal scrutiny.
We use data encryption technologies and audit logging tools to prevent CJI data from becoming compromised in transit or at rest. This assures the data integrity of information for detaining criminals, performing background checks, and tracking criminal activity. It also improves the coordinated efforts of criminal justice and law enforcement professionals at local, state, and federal levels.
Recent Project: Data Integrity
One of our clients is a non-profit crime prevention organization that tracks criminal activities across the country with coordinated law enforcement response. We built security solutions using audit logging, monitoring technology, and encryption to collect, track and store information that can withstand legal scrutiny and bring criminals to justice.
With global expertise across diverse industries, we help you:
- Understand your regulatory responsibilities
- Audit current processes for vulnerabilities and areas for improvement
- Build a comprehensive security strategy that includes employees, providers, partners and customers
- Deploy services that evolve with you as your business grows
As An Everyday Activity
One of our clients is a fast-growing FinTech that was facing challenges meeting its PCI DSS compliance. Working with Five Talent, the client succeeded in passing its crucial PCI audit in less than 3 months. More importantly, the company has built a DevOps foundation for its future growth and regulatory compliance with everyday operations that ensure its continued success.