Cybersecurity Risk Management and Regulatory Services

Health Insurance Portability and Accountability Act (HIPAA) is a complex federal healthcare law governing the use and protection of patient health information (PHI), and includes 3 primary rules: privacy, security, and breach notification.

The Food and Drug Administration (FDA) protects public health by ensuring the safety, effectiveness, quality, and security of human and veterinary drugs, vaccines, and other biological products, and medical devices.

Current Good Manufacturing Practice (CGMP) regulations enforced by the FDA ensure that medicinal products are consistently produced and controlled to the quality standards appropriate to their intended use.

The Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted in 2009 to promote the adoption and meaningful use of health information technology.

The FDA’s Federal Food, Drug, and Cosmetic Act (FD&C Act) includes section 524B, which stipulates a number of requirements and actions a person must take when submitting a cyber device and ensuring that the device meets certain requirements.

The U.S. Department of Agriculture (USDA) regulates food, agriculture, natural resources, rural development, nutrition, and related issues based on public policy, the best available science, and effective management.

The Food Safety Modernization Act (FSMA) focuses on preventing food safety problems before they occur and recognizes the importance of strong foodborne illness and outbreak surveillance systems.

The Federal Energy Regulatory Commission (FERC) is an independent agency that regulates the interstate transmission of natural gas, oil, and electricity.

The European Network for Cyber Security (ENCS) is a nonprofit organization owned by grid operators that seeks to improve the world’s cybersecurity by sharing knowledge and providing frameworks for the utility industry.

The Environmental Protection Agency (EPA) is an independent agency of the United States government tasked with environmental protection matters. EPA regulations impact many industries, including food and agriculture, energy, and water and wastewater.

The Global System for Mobile Communications Association (GSMA) is a global organization unifying the mobile ecosystem and providing cybersecurity frameworks and guidelines for the communications industry.

The Department of Homeland Security (DHS) protects U.S. borders and manages the flow of people and products into and out of the United States, regulating industries like transportation and logistics.

The U.S. Department of Transportation (DOT) is responsible for planning and coordinating federal transportation projects and setting safety regulations for all major modes of transportation.

General Data Protection Regulation (GDPR) is a European regulation implemented in 2018 to enhance EU citizens’ control over the personal data that companies can legally hold. GDPR regulations impact any country that collects or interacts with EU citizen data.

DORA explicitly refers to ICT risk and sets rules on ICT risk-management, incident reporting, operational resilience testing and ICT third-party risk monitoring, protecting the soundness of the entire financial system.

Threat Intelligence-based Ethical Red Teaming (TIBER) is a European framework that provides comprehensive guidance on how authorities, entities, and threat intelligence and red-team providers should work together to test and improve cyber resilience.