Compliant Services

Information privacy and security is a critical component of business. Complying with complex regulations can be costly and time-consuming. TyMatt Computer Solutions has served many clients in the banking, finance, and health industries. We have the expertise necessary to ensure that your network and other IT solutions are in full compliance with the privacy and safety requirements mandated by Sarbanes-Oxley (SOX), Financial Institution and Exchange Laws (J-SOX), HIPAA, HITRUST, and ISO 27001 certification.

 

Sarbanes-Oxley (SOX)/J-SOX

TyMatt Computer Solutions works with each of its clients to customize the right SOX/J-SOX solution for their particular circumstances. The compliance services that we provide include:

  • Project planning and management
  • Documentation of business and IT processes and controls
  • Gap analysis and remediation recommendations
  • Testing and evaluation of controls’ design effectiveness
  • Development and implementation of test plans for operational effectiveness
  • Identification and elimination of duplicate or redundant controls
  • Electronic documentation of risk control matrices, test plans/testing evidence, including documentation of review and approvals of all e-documents
  • Monitoring and reporting project results

 

IT Audits, Security Testing, Risk and Policy Reviews

As organizations grow, it’s critical that their technologies continue to develop and grow as well in order to maintain compliance. TyMatt leverages its knowledge and experience to deliver practical, proven services and recommendations that satisfy the needs of our clients’ organizations. We focus on:

  • Application System Reviews
  • Information Security Assessments
  • Change Management Reviews
  • Computer Operations Evaluations
  • IT Policy Development and Reviews
  • Internal Audit Preparation

 

ISO 27001 Compliance

ISO 27001 is the most universally accepted standard for information security throughout the world. It’s used as a benchmark for protecting sensitive and private information. ISO 27001 is considered an “umbrella” over other privacy and security laws or regulations (such as J-SOX, SOX and the Data Protection Directive) or contractual standards (PCI DSS) because it requires companies to review those obligations when assessing risk.

TyMatt Computer Solutions can guide you through the development and implementation of processes and procedures for these top ISO 27001 key control areas:

  • Security Policy
  • Organization of Information Security
  • Asset Management
  • Human Resource Security
  • Physical and Environmental Security
  • Communications and Operations Management
  • Access Control
  • Information Systems Acquisition, Development and Maintenance
  • Information Security Incident Management
  • Business Continuity Management
  • Compliance

 

HIPAA/HITRUST Compliance

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a comprehensive law covering the development of electronic data interchange (EDI) for certain administrative and financial healthcare transactions. The Health Information Trust Alliance (HITRUST) is the most commonly recognized and widely used security framework for the health industry.

TyMatt Computer Solutions focuses on the importance of understanding and incorporating the HIPAA/HITRUST regulatory compliance requirements into an existing organizational strategy and compliance infrastructure. We offer cost-effective, flexible, and customized HIPAA services to meet our clients’ needs. Our services range from consulting services that identify basic operational improvements to the development and implementation of a comprehensive HIPAA compliance strategy.

  • Risk analysis and assessment
  • Self-assessment tools
  • Gap analysis and remediation plan
  • Education and management assessment
  • Integration of transaction standards, code sets and unique identifiers
  • Privacy strategy development
  • Health information uses and disclosure assessment
  • Development of HIPAA/HITRUST compliance strategy plan
  • Awareness and training
  • Medical records compliance review
  • IT infrastructure readiness audit