Article by
Gildas Jones


2/18/2021

4 Most common types of business compliance

No one wants their own business to go down to a cyber attack. No one wants their client businesses to either.

In fact, for many suppliers and providers, knowing that a partner company isn’t going to be at risk of cyber attack is a big driver of who they do and do not want to do business with.

That’s why so many suppliers and providers require you to have one of these four common types of business compliance before you can do things like use them to set up payments on your website.

Four common types of cyber security business compliance

1) Cyber Essentials

Cyber Essentials is a UK government scheme which is designed to cover all the basics of cyber security. With Cyber Essentials credentials, you will be:

  1. Demonstrating to customers and suppliers that you have made a real effort to shore up your cyber security measures.
  2. Aware that the current state of your cyber security practices meets that minimum standard – and hopefully where you can make further improvements.
  3. Protecting your organisation against all kinds of basic threats.

This scheme comes in two levels of certification – Cyber Essentials and Cyber Essentials Plus – and is enough to protect you against most of the standard sort of cyber security threats out there. It is also a requirement if you want to bid for most government contracts.

Dial A Geek has already helped dozens of businesses across Bristol achieve their Cyber Essentials credentials, so we can vouch for the scheme wholeheartedly.

2) PCI compliance

The PCI (Payment Card Industry) Security Standards Council puts a great deal of effort into defining the cyber security standards it expects of its stakeholders.

In fact, if you want to be able to accept credit card payments, you must be PCI compliant. The PCI standards lay out a three-step process:

  1. Assessment – where you identify cardholder data and assess your IT assets and card processing methods for potential issues.
  2. Remediation – where you fix those issues and make sure you are not storing cardholder data unless you really need to.
  3. Reporting – where reports are submitted to the relevant banks and card providers to show you have done all of the above.

The PCI council always emphasises that cyber security is not a “one shot and done” sort of deal. They point to many real-life situations where originally compliant organisations let things slip and then suffered a breach.

That’s the reason why cyber security experts like our Geeks will always encourage you to treat compliance with PCI standards, and the other standards listed here, as an ongoing process rather than a yearly box to be ticked.

3) HIPAA compliance

The Department of Health and Human Services (HHS) – sometimes known as the Health Department – is the US government body which governs HIPAA compliance. HIPAA is designed to protect the privacy of individuals’ health information.

HIPAA can be roughly thought of as the equivalent to GDPR in Europe. But with HIPAA, the data which is being protected is specifically medical information.

Strictly speaking, there aren’t yet any HHS-endorsed HIPAA accreditors or certifications. Again, this is because HHS does not see compliance as a one-off task. Instead, it is an ongoing process which needs to be regularly monitored.

Despite this, Dial A Geek can certainly help you ensure that you are in full compliance with all of the extensive requirements of the US Health Insurance Portability and Accountability Act.

4) ISO 27001 compliance

International Standard ISO 27001 describes a framework of expected standards for an ISMS (Information Security Management System). This covers all of the processes and policies you have in place for dealing with data.

You can be certified as being ISO 27001 compliant by an accredited certification body. Once you’re certified, the status lasts for three years. However, you will be expected to receive annual visits from your accreditor to make sure you are keeping your processes up-to-date.

Why aim for business cyber security compliance?

Achieving any of the types of business compliance listed here will give you a whole range of advantages. You will:

  • Protect your business and your clients
  • Be able to show off your organisation’s high cyber security levels
  • Attract new customers
  • Demonstrate to suppliers that you are a partner which can be trusted

All in all, if your business isn’t already compliant, today is the day to get started.

Need to know which type of business compliance would be best for you?

Dial A Geek has already helped nearly 1000 businesses in and around Bristol make their technology work for them for a change.

Contact us today for a chat with one of our friendly and knowledgeable Geeks. Call 0117 369 4335 or follow this link to book a meeting with our chief Geek Gildas Jones.