
Copyright (c) 2019 by Allendevaux & Company LLC. All rights reserved.

Regulatory Compliance

Risk and Regulatory Compliance for Information Management

Keeping pace with changing information management regulations throughout the world is a full-time effort: GDPR, COPPA, PDPA, HIPAA, GLBA, and many more laws and regulations. It can be difficult to ensure compliance whilst focusing on revenue growth. Yet overlooking even the smallest regulatory clause can result in stiff penalties, legal costs, the mandatory appointment of third-party oversight, and reputational damage.
For instance, in the United States, Women & Infants Hospital (WIH) was recently fined $550,000 for failing to have proper agreements in place between itself and its parent company, allowing the exchange of protected health information. An agreement existed, but it was outdated, and its language was not in scope. The mistake was costly, including fines, reputational damage, six years of remediation oversight, legal fees, and mandatory training. Total costs will likely well exceed $1MM, all of which could have been avoided.

How We Can Help

ALLENDEVAUX brings experienced professionals and a proven methodology to help international companies identify and comply with information management laws and regulations. The methodology has been used by private and public enterprises alike. Here is what we do:

  • Identify the geographic and sectoral laws and regulations to which an organization must adhere, such as GDPR, HIPAA, etc.

  • Review existing policies and procedures through stakeholder interviews.

  • Analyse compliance gaps in policies and procedures that must be addressed by implementing or augmenting an Enterprise Compliance Framework such as ISO27001, NIST, etc.

  • Perform a risk assessment to identify asset vulnerabilities and prescribe mitigating efforts to lower risks of cyber or physical attack.

  • Provide awareness and training programmes that satisfy international requirements, along with evidence of practice that can be tracked by the HR department.

  • Establish a compliance framework for the transatlantic exchange of personal data for commercial purposes between the United States and the European Union or Switzerland.