We are here to help you navigate compliance. Each engagement and service is developed to fit your organization’s size and infrastructure complexity. Regardless of your vertical or size, we are here to provide solutions and mitigate risks as they relate to your business productivity and continuity. We perform in-depth control testing to determine if implemented controls are effective. The United States Department of Health and Human Services has stated that the NIST 800-30 guidance is an acceptable risk assessment strategy, and thus TorchLight performs our assessments according to this methodology.
After an engagement, a detailed report listing the compliance gaps for all administrative, physical, and technological safeguards will be provided, along with detailed recommendations for remediation.
TorchLight has met the rigorous requirements of the PCI Security Standards Council to become Qualified Security Assessors, which is the only certification that authorizes auditors to complete your Attestation of Compliance and Report on Compliance. Our auditors have the experience necessary to assist in identifying the Self-Assessment Questionnaire (SAQ) and properly filling it out
With digital payment methods becoming a preferred method for many vendors and clients alike, it is more important than ever to secure your transactions.
TorchLight has over a decade of experience working in the healthcare space from regional healthcare centers to big-city hospitals. We have executed hundreds of comprehensive HIPAA Audit, Risk Assessment and Gap Analysis based on the HIPAA Audit program set forth by the U.S. Department of Health & Human Services Office of Civil Rights, bound to the NIST 800-30.
The entire audit protocol is organized around modules, representing separate elements of privacy, security, and breach notification.
TorchLight's auditors are equipped to help meet your compliance needs whether GLBA, FFIEC, NCUA, SOX, or other SEC regulations for your financial institution. Regardless of size or complexity, our team executes compliance and audit services based on robust Information Security standards set forth by the National Institute of Standards and Technology (NIST), the United States National Security Agency (NSA), and the SysAdmin, Audit, Network, Security Institute (SANS Institute), and Control Objectives for Information and Related Technology (COBIT). Our team has experience working with credit unions, banks, mortgage and investment firms nationally.