Cyberattacks, privacy/data breaches, spamming, and phishing are serious concerns for every business. Privacy regulation, requirements and penalties are becoming increasingly complex and onerous. Through its affiliated team of technical professionals, Dickinson Wright offers sophisticated cybersecurity & compliance consulting services to businesses that are deliberate about protecting their information systems and meeting privacy compliance standards such as ISO 27001, HIPAA, and PCI.

Dickinson Wright’s consultant affiliate entity (“DWA”) comprises a team of experts with over 35 years of information security experience who are available to consult on a wide range of security and compliance projects. DWA’s core areas of expertise include the following.

ISO/IEC 27001:2013 Certification

DWA’s team of ISO 27001 Certified Lead Auditors assist businesses in navigating the entire ISO 27001 process from policy development to the Stage 2 certification audit. DWA can assist with every step of the audit, including refining and documenting existing policies and procedures, and creating and maintaining updated versions that satisfy industry standards. The DWA team divides the certification process into manageable steps (and tasks) to ensure a stress free and efficient process.

HIPAA Compliance

Increasingly, organizations and businesses in the healthcare sector face pressure to demonstrate to clients and governmental agencies alike that they are taking appropriate measures to safeguard personal health information. Having worked with numerous healthcare sector clients over the years, DWA has the requisite knowledge and expertise to guide organizations and businesses through all aspects of HIPAA compliance including everything from security requirements to navigating the privacy rules.

PCI Certification

With credit card theft and fraud on the rise, businesses must constantly look for better methods to protect cardholder data and mitigate the risk of data breach. By choosing to become PCI certified, businesses can ensure that their cardholder protection mechanisms are in line with the highest industry standards. DWA advises clients on the PCI certification process including navigating merchant levels and compliance requirements. DWA’s custom VelaStar application helps clients approach PCI certification in a straightforward and manageable manner.

Information Security Management System (ISMS)

Although many businesses have processes in place to manage their information security, many still lack a formal set of policies and procedures that cover all aspects and requirements of robust information security. Documenting and formalizing policies and procedures is not only critical for most certification standards, it can also be a significant part of equipping business with a full set of contingencies to handle any issues that may arise. The DWA team has extensive experience in creating, reviewing, revising, formalizing, maintaining and updating policies and procedures covering all aspects of information security.

Gap Analysis and Remediation

The first step for any business interested in evaluating its information security systems, policies, and procedures (including against industry standards) is to conduct a comprehensive gap analysis. DWA assists businesses in conducting their assessments and analysis, and then provides practical assistance with remediation of any nonconforming elements.

Risk Analysis and Assessment

Risk analysis and assessment is a cornerstone of both the ISO 27001 and HIPAA standards, but all businesses can benefit from a detailed risk analysis and assessment. Through identifying and evaluating the risks facing particular business activities, businesses are better positioned to mitigate potential hazards and prepare for unavoidable risks. DWA offers risk assessment seminars as well as business specific risk analysis and assessment services designed to help identify, quantify, and mitigating existing risks. The risk analysis report generated is an invaluable tool (internally), but can also be used to satisfy the requirements of ISO 27001 or HIPAA certification (at a later point).

Audit Preparation

Audits are becoming a common requirement across many industries and sectors. The costs to a business in undertaking the audit process internally (after factoring in the time spent by managers and loss of employee productivity in complying with all requests) can be significant. DWA’s team of ISO 27001 Certified Lead Auditors have expertise in preparing businesses for an audit, and having a perspective from “both sides of the table,” have invaluable insight to assist businesses in passing audit, assessment, certification process (whether internal or client-based).

Internal Security Processes

Certification standards require businesses to develop and maintain specific policies and procedures with respect to change management, asset management and access control. These processes can be burdensome to a business if the information required to maintain them is not centralized in a single database (but instead is spread across different systems). DWA’s team has developed a custom product to assist with this dilemma. VelaStar is a web-based application that helps organizations track all internal processes that are necessary to achieve a given certification. With this and other capability, VelaStar provides businesses with a one-stop platform to manage and monitor all progress toward certification.