No one wants their own business to go down to a cyber attack. No one wants their client businesses to either.
In fact, for many suppliers and providers, knowing that a partner company isn’t going to be at risk of cyber attack is a big driver of who they do and do not want to do business with.
That’s why so many suppliers and providers require you to have one of these four common types of business compliance before you can do things like use them to set up payments on your website.
Cyber Essentials is a UK government scheme which is designed to cover all the basics of cyber security. With Cyber Essentials credentials, you will be:
This scheme comes in two levels of certification – Cyber Essentials and Cyber Essentials Plus – and is enough to protect you against most of the standard sort of cyber security threats out there. It is also a requirement if you want to bid for most government contracts.
Dial A Geek has already helped dozens of businesses across Bristol achieve their Cyber Essentials credentials, so we can vouch for the scheme wholeheartedly.
The PCI (Payment Card Industry) Security Standards Council puts a great deal of effort into defining the cyber security standards it expects of its stakeholders.
In fact, if you want to be able to accept credit card payments, you must be PCI compliant. The PCI standards lay out a three-step process:
The PCI council always emphasises that cyber security is not a “one shot and done” sort of deal. They point to many real-life situations where originally compliant organisations let things slip and then suffered a breach.
That’s the reason why cyber security experts like our Geeks will always encourage you to treat compliance with PCI standards and the other standards listed here as an ongoing process, not a yearly box to be ticked.
The Department of Health and Human Services (HHS) – sometimes known as the Health Department – is the US government body which governs HIPAA compliance. HIPAA is designed to protect the privacy of individuals’ health information.
HIPAA can be roughly thought of as the equivalent to GDPR in Europe. But with HIPAA, the data which is being protected is specifically medical information.
Strictly speaking, there aren’t yet any HHS-endorsed HIPAA accreditors or certifications. Again, this is because HHS does not see compliance as a one-off task. Instead, it is an ongoing process which needs to be regularly monitored.
Despite this, Dial A Geek can certainly help you ensure that you are in full compliance with all of the extensive requirements of the US Health Insurance Portability and Accountability Act.
International Standard ISO 27001 describes a framework of expected standards for an ISMS (Information Security Management System). This covers all of the processes and policies you have in place for dealing with data.
You can be certified as being ISO 27001 compliant by an accredited certification body. Once you’re certified, the status lasts for three years. However, you will be expected to receive annual visits from your accreditor to make sure you are keeping your processes up to date.
Achieving any of the types of business compliance listed here will give you a whole range of advantages. You will:
All in all, if your business isn’t already compliant, today is the day to get started.
Dial A Geek has already helped nearly 1000 businesses in and around Bristol make their technology work for them for a change.
Contact us today for a chat with one of our friendly and knowledgeable Geeks. Call 0117 369 4335 or follow this link to book a meeting with our chief Geek Gildas Jones.