compliance services header
Compliance Services

Perhaps the only thing that has changed as dramatically as technology over the past decade is compliance regulation. Organizations are now subject to more oversight than ever before, and many have become overwhelmed. When your compliance efforts begin to distract you from your core business initiatives, it’s time to turn to the experts for help.

At KPM VIPER, we are both IT and financial specialists, combining these essential disciplines to make your management of the regulatory environment as painless as possible.

Over the next few years, we anticipate further compliance requirements and specifications to surface, and KPM VIPER Consulting will be there to meet these complexities with ongoing support of your financial functions and advice to help guide your decisions. We can help you to avoid wasting vast amounts of money, resources and time.

Our expertise extends to a variety of key compliance regulation issues, including:

Sarbanes Oxley (SOX) Compliance Services

Originally signed into law in 2002, SOX was enacted in response to high-profile financial reporting scandals that followed the high-tech boom of the late ’90s.

KPM VIPER is a noted industry leader in SOX preparation and works with clients to assist them with implementing and managing their financial and IT controls. KPM VIPER works collaboratively with functional managers to understand and document their current environment and processes, using current standards for information technology (COBIT) and financial-based controls (COSO).

KPM VIPER then identifies any gaps in the control environment and works with the staff to create new, compliant controls that work within the client’s current operations.

KPM VIPER clients have a wide spectrum of controls currently in place, and we take the approach that each client is unique and must be treated as such. We know that when it comes to SOX compliance, one size does not fit all. Our years of experience help us create a customized and reasonable approach for each individual client to achieve the desired result.

Statement on Standards for Attestation Engagements No. 16 (SSAE 16) and Service Organization Reports (SOC)

Customers are increasingly demanding a high level of confidence in their vendors' environments, especially when those vendors handle their sensitive information. The most common tool for achieving this level of confidence is through a SOC report or Service Organization Report.

KPM VIPER works with its clients to understand the requirements of a SOC engagement and determine if it is the correct solution for meeting their clients' needs. Working with senior management to understand both company goals and the corporate mandate, KPM VIPER will assess the operational effectiveness of the company's controls and help identify any potential gaps in the process.

KPM VIPER works with clients through the entire process, from helping build the control environment to working with the auditors to gain a complete understanding of the process and controls that are in place.

KPM VIPER also provides services for SSAE SOC 1 and SOC 2 AT 101 both Type I and Type II as well as SOC 3 WebTrust / SysTrust.

Payment Card Industry (PCI) Compliance

In the current worldwide economy, credit cards have become a necessity of doing business. Merchants and service providers, in order to compete, provide all means and mechanisms for accepting payments.

Working with credit cards, storage, retrieval, transmittal and processing provides a target-rich environment for those looking to steal, defraud or interfere with your transactions and sensitive information.

For service providers or merchants who are required to comply with PCI Standards, KPM VIPER can help you scope out and implement the necessary compliance projects to ensure the security and validation of your systems and processes.

Health Insurance Portability and Accountability Act (HIPAA) Compliance

HIPAA requires the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans and employers in order to improve health insurance coverage, simplify the administration of health insurance and combat waste, fraud and abuse.

Organizations required to comply with HIPAA include:

  • Covered Health Care Providers
  • Health Plans
  • Health Care Clearinghouses
  • Medicare Prescription Drug Card Sponsors

Within the scope of HIPAA’s risk analysis specification is a vulnerability assessment requirement. KPM VIPER can perform the requisite analyses and assessments to ensure your organization complies with HIPAA’s security guidelines and identify gaps that could be exploited by internal or external attacks.

Massachusetts Privacy Law 201 CMR 17.00 Compliance

Massachusetts Privacy Law 201 CMR 17.00 (Protection of Personal Information of Residents of the Commonwealth), also called the Mass. Privacy Act, is set to be implemented on March 1, 2010.

This law was proposed based largely on the recent flood of data breaches that have occurred, exposing personal identifiable information. The public has spoken, and corporations are being held responsible to take proactive steps to ensure the data they have been entrusted with is treated with the highest level of security. Anyone who does business in the state of Massachusetts and collects specific types of personal information must comply with this law.

KPM VIPER’s key objective when helping its clients become compliant with The Mass Privacy Act and other new compliance regulations is to minimize cost outlays. We put our experience and expertise to work to help you utilize technology to create operational effectiveness and achieve your goals with the least intrusive approach possible.

Part 11 of the FDA’s “Code of Federal Regulations”

Part 11 establishes the criteria under which electronic records and signatures will be considered equivalent to paper records and handwritten signatures, as well as the manner in which such records must be maintained or submitted. For those to whom this regulation applies, electronic documents must be stored, internally reviewed and made available for review by the FDA.

KPM VIPER can assist you in your Part 11 compliance efforts and improve the accuracy, security and reliability of the process while decreasing the expense of maintenance.

Gramm-Leach-Bliley Act (GLBA) Compliance

The GLBA stops the practice of buying and selling sensitive personal information under false pretenses. The act requires that financial institutions take steps to ensure that customer records and information are secure and kept confidential as well as protected against potential threats or hazards to their integrity.

Our consultants can help you adopt the necessary standards to make your organization GLBA compliant.

British Standard 7799 and ISO 17799 Compliance

British Standard 7799 and the related ISO 17799 Standard put forth best practices for the information security field. These comprehensive guidelines encompass many specific areas, including security policy, organization of assets and resources, asset classification and control, personnel and physical security, communications and operations management, access control, systems development and maintenance, business continuity management and compliance.

KPM VIPER can assist you in your British Standards 7799/ISO 17799 compliance and help simplify this often substantial task. We will help you establish the most appropriate compliance level for your organization, identify additional controls to increase your security where necessary, and provide you with a customized and comprehensive report of our recommendations and next steps.


site mapcontactclient login

Business Ideas at Work