Who Must Comply and The Risks

Do you have customers, vendors or employees?

If you do, you not only have an extra responsibility to do what you can to fight identity theft and consumer fraud; you have no choice, because it’s the law.

Becoming InfoSafe Certified means your business meets or exceeds the minimum recommended standards and requirements for protecting your customers’ and employees’ personal information against identity theft and fraud. It also shows your commitment to doing business the right way, with a genuine commitment to privacy, safety and trust.

The following 8 questions will help you determine whether you must comply with one or more of the information security regulations. Does your business:

1. Collect, process, or store any personally identifiable information for your customers such as name, address, social security number, driver’s license number, birth dates, etc.?
2. Collect, process, or store any financial information for your customers such as loans, bank accounts, insurance, taxes, accounting, investments, debts, credit reports, real estate information, etc.?
3. Collect, process, or store any health-related personal information for your customers such as medical records, treatment, health insurance, billing, etc.?
4. Collect, process, or store any personal information about your employees such as name, address, social security number, birth dates, 401K, health benefits, tax information, etc.?
5. Extend credit or payment terms to your customers?
6. Provide products or services and then invoice or bill your customers?
7. Accept credit cards as a form of payment?
8. Share customer information with any third parties?

If you answered YES to any question, you must comply with one or more federal and state laws or industry regulations for protecting personal information.

InfoSafe is the leading information security compliance and certification program, helping businesses meet these requirements and best practices in a single, easy-to-implement, and affordable compliance program.

What Are The Risks

Onsite Assessment
Based upon regulatory requirements and industry best practices, a Certified INVISUS Information Security Advisor (CIISA) conducts an initial onsite assessment of your physical location(s) to gather important information about your business or organization including the type of confidential or protected information you collect and use, as well as your current administrative, technical and physical safeguards and associated risks and vulnerabilities, policies, procedures and controls.

Compliance Review
Following the onsite assessment, our compliance experts determine which of the federal, state and industry information security and privacy regulations apply to your business, and evaluate your current policies and procedures, controls and safeguards in relation to the requirements of the applicable regulations. The results of this comprehensive compliance review, combined with the results of the onsite assessment, are used to identify key information security and privacy requirements, address existing compliance gaps and risks to your organization and customers, and to develop your information security policies and procedures.
