Risk Assessment and Compliance Audits

Leverage proactive management of threats and controls with risk assessments and compliance audits.

Mitigate cyber risks and safeguard your data with streamlined governance, risk management and compliance solutions from OculusIT.

 


GDPR Assessment Solutions from OculusIT

The General Data Protection Regulation came into force on May 25, 2018. Designed to protect and empower all EU citizens’ data privacy, the EU GDPR controls how organizations handle personal information about their users.

How does GDPR impact your campus?

A breach of the GDPR can be fined up to 4% of annual global turnover or €20 million, whichever is greater. The government takes a tiered approach to fines; for example, an organization can be fined 2% for not having its records in order (article 28), for not notifying the supervising authority and the data subject about a breach, or for not conducting an impact assessment.

Why do you need a Data Protection Officer under the GDPR?

You would need to appoint a DPO in the following cases:

  • The processing (of personal data) is done by public authorities or a public body, with an exception for courts and independent judicial authorities.
  • The processing is done by processors who regularly and systematically observe ‘data subjects’ (EU residents) on a large scale.
  • The processing involves specific ‘special’ data categories (which are defined in the GDPR), again on a large scale, where processing these special types of personal data is part of your institution’s activities.

Our Approach towards GDPR Compliance

Complying with the General Data Protection Regulation (GDPR) can be complex and challenging. GDPR pre-packaged solutions from OculusIT are designed to get you started from scratch. We help you gain an informed understanding of where your compliance gaps exist. Next, we help you build a roadmap with actionable intelligence that complies with the regulation.

Assessment & Discovery Services

  • Identify existing policies, procedures and other accountability mechanisms that already provide rules and guidelines for processing personal data in your organization, and that may be leveraged and enhanced for GDPR compliance.
  • Provide recommendations and a high-level roadmap for achieving compliance.

PII Data Discovery (Process & Technologies)

  • Help you discover PII across your enterprise and the processes governing the usage and management of that PII.

PII Data Protection Control Assessment

  • Understand the whole personal data ecosystem across your campus.
  • Track the key metrics that reveal your level of compliance with data protection regulations and laws, including GDPR.

PII Data/Process Modelling & Visualization

  • We leverage TrustHub Privacy Lens for modeling & visualizing your PII data & processes.
  • Helps you pinpoint your issues and highlights process gaps with respect to compliance.

Remediation Services

  • Identify policy objectives; define, review and enforce the policy framework.
  • Policy and procedure design and re-alignment.

Application/IT Process Re-Factoring

  • Facilitated using end-to-end DevOps services, legacy application modernization, and unified testing of services including APIs and microservices.
  • Offers privacy by design and subject access request handling.

Data Protection Controls Implementation

  • PII Data Discovery & GDPR Gap Assessment
  • DLP, Data Classification, Pseudonymisation (Encryption & Data Masking)
  • Identity Relationship Management, Identity & Data Access Governance, Privileged Identity & Access Management

Breach Detection Control Implementation (SOC)

  • Incident Management (SIEM)

DPO Services

  • Policy & Procedures Review
  • Audit & Assessment
  • Breach Management
  • Data Rights Management
  • Data Security Management
  • Training & Awareness


On-Going Management Services

  • Continuous Compliance Management
  • PII Data Modelling and Visualization
  • Data Protection Security Controls Management & Monitoring

GLBA Assessment Solutions from OculusIT

About GLBA

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. Even years after its implementation, most educational institutions remain unaware of the guidelines laid down by the Act. Ensuring compliance with the Act requires an in-depth administrative evaluation of procedures, networks, and applications. OculusIT GLBA Assessment services help your organization achieve complete control of its IT environment and safeguard its data.

Key Benefits from OculusIT

  • Third-party objective assessment and a comprehensive report of the state of GLBA compliance at your campus.
  • Identification of non-compliant areas and understanding of what actions are needed to comply with GLBA Safeguards and Privacy Rules.
  • Uncover opportunities to minimize operational, fraud, reputation, compliance, and technology risks.
  • Reduction of the cost, confusion, and complexity of GLBA compliance.

Data Privacy Impact Assessments

What is a DPIA?

A Data Privacy Impact Assessment (DPIA) is an analytical process under the GDPR that helps identify and minimize data protection risks. This assessment is mandatory for organizations with technologies and processes that present a high risk to the rights and freedoms of the data subjects.

How does it impact your campus?

An effective DPIA brings broader compliance, financial, and reputational benefits; helps you demonstrate accountability; and builds trust and engagement with individuals. OculusIT conducts DPIAs for any type of processing that is “likely to result in a high risk” to individuals’ interests.

Our approach towards conducting DPIAs

  • Identify the need for a DPIA.
  • Describe how the information is collected and utilized.
  • Identify the privacy-related vulnerabilities, risks, and threats.
  • Evaluate privacy solutions that reduce the impact of those risks.
  • Record the DPIA outcomes in a report for submission to the regulatory authority.
  • Integrate those outcomes in your future project plans.

HIPAA Assessment

What is HIPAA?

The Health Insurance Portability and Accountability Act is United States legislation from 1996 that provides data privacy and security provisions for safeguarding medical information.

How does it impact your campus?

With the increase in cyberattacks and ransomware attacks on the healthcare industry, all companies that store or transmit PHI must comply with the Act. If your healthcare organization doesn’t have an ongoing, up-to-date HIPAA compliance program, with policies, procedures and documentation in place, you must get started immediately.

Our approach towards conducting a HIPAA assessment

OculusIT performs thorough security risk assessments for HIPAA to verify that all the physical, network, and security measures required by HIPAA are in place. Compliance experts from OculusIT generate comprehensive reports that help you understand the violations, correct them, and prevent future risks.