
PRESS RELEASE
Contact: Lorna Waggoner
Director, Business Development
Phone: 515.453.8247 x17
Lorna.Waggoner@ecfirst.com

ecfirst's Managed Compliance Services Program Addresses ISO 27002, HIPAA, PCI DSS, SOX and U.S. Federal and State Requirements

Meeting the Recurring Regulatory Requirements for Information Security and Privacy

Newport Beach, California – Thursday, January 24, 2008. The ecfirst Managed Compliance Services Program addresses the recurring requirements for regulations that typically impact businesses. These include requirements related to PCI DSS, HIPAA, Sarbanes-Oxley, U.S. federal and state legislation, as well as the international standard for information security, ISO 27002 (17799:2005).

Businesses today need to comply with regulatory requirements to protect sensitive information about their customers, who may be consumers or patients. The penalties associated with not meeting compliance requirements are not insignificant. Further, organizations have to expend precious internal resources to gain compliance expertise and then manage regulatory requirements for privacy and information on a recurring basis. This can be challenging to most organizations. ecfirst can help.

ecfirst delivers compliance capabilities through its Managed Compliance Services Program – the first of its type in the industry, worldwide.

"Organizations must maintain compliance with regulations that impact their business, enhance the security of the digital infrastructure, and ensure the integrity of all sensitive information and vital business assets," said Uday Ali Pabrai, ecfirst chief executive and co-founder. "Businesses typically may acquire expensive consultants on a project basis or struggle with using already stretched internal resources that may lack the expertise and experience. For less than the cost of one full-time professional, the ecfirst Managed Compliance Services Program provides a cost-effective way to address mandatory requirements on a continual basis."

With over 900 clients since 1999 and recognized as an Inc. 500 firm – America’s fastest growing Top 500 privately held business in 2004, ecfirst has enabled hundreds of organizations all across the United States and abroad to achieve and maintain compliance with regulations and standards that impact their business.

Legislative mandates require organizations to maintain compliance with reasonable and appropriate safeguards in several specific areas. Compliance requirements result in critical activities that must be conducted on a regular schedule, typically once a year. On a regular schedule, organizations must:

  • Assess compliance with the requirements of confidentiality and privacy-related regulations
  • Assign responsibility to the security officer who is responsible for coordinating compliance and security initiatives
  • Conduct a comprehensive and thorough risk analysis that includes vulnerability assessment (penetration testing)
  • Complete a Business Impact Analysis (BIA) for contingency planning and disaster recovery
  • Develop and update security policies and procedures
  • Train all members of the workforce
  • Audit and evaluate the information infrastructure

Key features of ecfirst’s Managed Compliance Services Program are:

  • Bundled outsourced solution for a fixed monthly fee
  • Periodic performance of vulnerability assessments, security risk analysis, BIA and contingency planning
  • Training, certification and periodic audit and evaluation to keep your organization fully compliant at all times
  • Scheduled block of hours locked in with information security and compliance expertise readily available to your organization at no additional cost
  • No fee increases over a 36-month period

The core objective is to enable your organization to maintain compliance with regulatory requirements. This helps you focus on the business of delivering exceptional services and capabilities to your client base with the assurance that your business is meeting critical regulatory requirements. The Managed Compliance Services Program provides a 360° end-to-end compliance service spectrum that can be tailored to meet your specific requirements.

Additional Value Added Services
Our service offerings are aligned with regulations to ensure complete compliance for your organization. Additional value added services offered by ecfirst include:

  • Advisories on Security Vulnerabilities and Fixes
    • Security alerts and mailers
    • Regular advisories on security vulnerabilities
  • Security Monitoring and Management Services
    • Centralized security monitoring & event correlation
    • Perimeter security monitoring
  • Patch/Release Management
    • Centralized management for patch deployment activity
    • Automated process for patch deployment
    • Patch testing
    • Patch status reporting
  • Security Incident Management
    • Develop incident management framework
    • Incident detection and classification
    • Diagnosis and investigation
    • Incident Reporting
  • Log Monitoring and Event Correlation
    • Log analysis and event correlation
    • Trend analysis, pattern recognition
    • Storage and retention
  • Compliance Dashboards, Trends and Statistics
    • Compliance reports and dashboard
    • Statistical analysis

Complimentary Regulatory Compliance & Information Security White Paper
For more details on the Managed Compliance Services Program, please contact Ms. Lorna Waggoner, Director of Business Development, at 1.877.899.9974 x17. We would be happy to schedule a conference call to learn more about your business challenges and how our program may be tailored to address your compliance and security priorities. Be sure to ask Lorna for our complimentary white paper on Regulatory Compliance & Information Security. We look forward to hearing from you and bringing immediate value to your initiatives.

About ecfirst
ecfirst is a leader with rich hands-on experience delivering world-class security regulatory compliance solutions across the United States and abroad. ecfirst assists all types of organizations with their compliance initiatives for a secure information infrastructure that is compliant with regulations including PCI DSS, HIPAA, Sarbanes-Oxley, ISO 27002, federal and state legislation and others. ecfirst, an Inc. 500 business, serves a Who's Who client list that includes technology firms, numerous hospitals, state and county governments, and hundreds of businesses across the United States and abroad. The ecfirst compliance training program is exclusively endorsed by the American Hospital Association (AHA).

The ecfirst Regulatory Compliance Practice further delivers deep expertise with its full suite of services that include single sign-on, context management, contingency planning/Business Impact Analysis (BIA), vulnerability assessment, as well as managed compliance, security and IT infrastructure solutions.

Talk to ecfirst.com and you will find an organization that is passionate about its managed services program and exceptionally devoted to its clients.  


# # #

Last updated: January 20, 2008