Regulatory Compliance Services Continued

b'Sarbanes Oxley- The Sarbanes Oxley Act ofPrivacy Standards Assessments & Strategy2002 (SOX) has very specific stipulations andWe conduct gap analyses and remediation programs for requirements related to information security andcompliance with standards including:data governance that apply to all publicly held U.S. companies, international companies with SECFFIEC- Our experts perform an assessment and registered securities and to third-party firms thatassist with remediation measures, so organizations provide financial services to these companies suchmeet cybersecurity standards set by The Federal as CPAs. Financial Institutions Examination Council.SEC Cybersecurity- The Office of ComplianceISO27001 Gap Analysis- We identify gaps in Inspections and Examinations (OCIE) and thecompliance with ISO27001, a framework for U.S. Securities and Exchange Commission (SEC)organizations to implement a standardized conduct cybersecurity examinations that apply toapproach to information security.financial institutions including investment advisors,ISO27001 Certification-We certify organizations investments companies, broker-dealers, transferthat meet ISO27001 requirements, as demonstrated agents, and private fund advisors. We evaluateby detailed testing.preparedness levels for the actual examinations and help organizations reach compliance-readyNIST Gap Analysis- We identify gaps in levels. compliance with the National Institute of Standards State Cybersecurity Regulations- All 50 states,and Technology (NIST). the District of Columbia, Puerto Rico, Guam and theNIST Tests- We perform highly specific NIST tests Virgin Islands have laws pertaining to data breachesand assessments, followed by remediation.and cybersecurity. Certain entities that operate inPCI QSA Gap Analysis-We identify gaps in the state of New York must comply with that statescompliance with the Payment Card Industry Data latest cybersecurity regulation. Security Standard (PCI DSS).PCI QSA Security Audit- A certified Quality Security Assessor (QSA), ERMProtect audits for compliance with requirements set by the PCI Council, and awards those who qualify with a Report of Compliance (ROC).PCI Network Scanning- We provide quarterly network vulnerability scans required by PCI DSS. PCI Penetration Test We perform penetration tests required by PCI DSS.305-447-6750 |info@ermprotect.com |https://ermprotect.com'