4 Most common types of business compliance
No one wants their own business to go down to a cyber attack.
No one wants their client businesses to either.
In fact, for many suppliers and providers, knowing that a partner
company is not an easy target for cyber attack is a big driver of who they
do and do not want to do business with.
That is why so many suppliers and providers require you to
hold one of these four common types of business compliance before you can do
things like use them to set up payments on your website.
Four common types of cyber security business compliance
1) Cyber Essentials
Cyber Essentials is a UK government-backed scheme which is designed
to cover the basics of cyber security: five technical controls covering firewalls, secure configuration,
user access control, malware protection and patch management. With Cyber Essentials credentials,
you will be:
- Demonstrating to customers and suppliers
that you have made a real effort to shore up your cyber security measures.
- Aware that the current state of your
cyber security practices meets that minimum standard – and hopefully where you
can make further improvements.
- Protecting your organisation against all
kinds of basic threats.
This scheme comes in two levels of certification – Cyber
Essentials (a self-assessment questionnaire) and Cyber Essentials Plus (the same controls, verified by an independent technical audit) – and the controls it mandates are enough to protect you against
most commodity cyber security threats out there. It is also a
requirement for many UK central government contracts, particularly those that involve handling personal or sensitive information.
Dial A Geek has already helped dozens of businesses across
Bristol achieve their Cyber Essentials credentials, so we can vouch for the scheme.
2) PCI compliance
The PCI (Payment Card Industry) Security Standards Council
puts a great deal of effort into defining the cyber security standards it
expects of organisations that store, process or transmit cardholder data.
In practice, if you want to be able to accept credit card payments,
your acquiring bank and the card brands will require you to be PCI compliant. The PCI standards lay out a three-step process:
- Assessment – where you identify
cardholder data and assess your IT assets and card processing methods for
- Remediation – where you fix those issues
and make sure you are not storing cardholder data unless you really need to.
- Reporting – where reports are submitted
to the relevant banks and card providers to show you have done all of the
The PCI council always emphasises that cyber security is not
a "one and done" sort of deal. They point to many real-life situations
where originally compliant organisations let things slip and then suffered a
That is the reason why cyber security experts like our Geeks
will always encourage you to treat compliance with PCI standards, and the other
standards listed here, as an ongoing process rather than a yearly box to be ticked.
3) HIPAA compliance
The Department of Health and Human Services (HHS) – sometimes
known as the Health Department – is the US government body which governs HIPAA
compliance. HIPAA is designed to protect the privacy of individuals' health
HIPAA can be roughly thought of as the equivalent to GDPR in
Europe. But with HIPAA, the data which is being protected is specifically
Strictly speaking, there are not yet any HHS-endorsed HIPAA
accreditors or certifications, and HHS does not recognise any third-party "HIPAA certified" badge as proof of compliance. Again, this is because HHS
does not see compliance as a one-off task. Instead, it is an ongoing process
which needs to be regularly monitored.
Despite this, Dial A Geek can certainly help you ensure that
you are in full compliance with all of the extensive requirements of the US
Health Insurance Portability and Accountability Act.
4) ISO 27001 compliance
International Standard ISO 27001 describes a framework of
expected standards for an ISMS (Information Security Management System). This
covers all of the processes and policies you have in place for dealing with
You can be certified as being ISO 27001 compliant by an
accredited certification body. Once you are certified, the certificate is valid for
three years. However, you will be expected to pass annual surveillance audits from your
certification body to make sure you are keeping your processes up to date, with a full recertification audit at the end of the cycle.
Why aim for business cyber security compliance?
Achieving any of the types of business compliance listed here
will give you a whole range of advantages. You will:
- Protect your business and your clients
- Be able to demonstrate your organisation's
cyber security standards
- Attract new customers
- Demonstrate to suppliers that you are a partner
which can be trusted
All in all, if your business isn’t already compliant, today
is the day to get started.
Need to know which type of business compliance would be best for you?
Dial A Geek has already helped nearly 1000 businesses in and around
Bristol make their technology work for them for a change.
Contact us today for a chat with one of our friendly and knowledgeable Geeks. Call 0117 369 4335 or follow this link to book a meeting with our chief Geek Gildas Jones.