Reduce the complexity of regulatory requirements by leveraging our compliance experts
Ntirety Compliance-as-a-Service
As a leading HIPAA-, FERPA-, and PCI-compliant service provider with 20 years of industry experience, Ntirety has the expertise and certifications necessary to help you design, build, and run a wide range of solutions to help support your compliance strategy. We also hold a HITRUST CSF certification, which places us alongside an elite group of organizations worldwide that are uniquely qualified to expertly manage risk.
“Based on my observation, Ntirety is among the top 10% of SOC compliance rigor—not only keeping up with key details behind compliance—but actually ensuring that compliance is part of their solutions, so their customers have less to worry about.”
Jon Long
CISA, QSA Senior Audit Manager, CompliancePoint
Why Choose Ntirety Compliance-as-a-Service?
Dynamic Dashboards
Actionable Analysis
Built with Compliance in Mind
Global Capabilities
Dedicated Experts
Proven Methods
Pick Your Ideal Level of Service
Standard
- Phone & Ticket Support
- Training and Onboarding
- Compliance Dashboard Infrastructure and Administration
- Notifications
- Assessment Management
- Vulnerability Tracking
Advanced
- Phone & Ticket Support
- Training and Onboarding
- Requirement Interpretation
- Policy and Control Mapping
- Vulnerability Review
- Audit Advisement
- Compliance Dashboard Infrastructure and Administration
- Notifications
- Assessment Management
- Vulnerability Tracking
- Report Management
Premier
- Phone & Ticket Support
- Training and Onboarding
- Requirement Interpretation
- Policy and Control Mapping
- Vulnerability Review
- Audit Advisement
- Annual Risk Assessment
- Compliance Dashboard Infrastructure and Administration
- Notifications
- Assessment Management
- Vulnerability Tracking
- Report Management
- Policy Tracking
- Vendor Risk Tracking
- Incident Tracking
- Risk Register Tracking
Meet ever-changing compliance regulations
Compliance-as-a-Service Expertise
Compliance Assessments
What are Ntirety Compliance Assessments?
Ntirety Compliance Risk Assessments provide clarity into your current and ongoing compliance posture. Our compliance experts will assess the existing environments for gaps in systems and processes, and then assemble strategies to mitigate risk and assist in achieving compliance.
Types of Compliance Assessments:
Ntirety offers compliance risk assessments to help your organization meet ever-changing compliance regulations for PCI DSS, HIPAA, HITRUST CSF, FERPA, CCPA, and GDPR.
Gap Assessment – At the beginning of your engagement, a Ntirety Compliance Analyst will perform a gap analysis to evaluate your current environment and provide the steps your organization will need to take to meet your desired level of compliance.
Ongoing assessments – During your engagement with Ntirety, our compliance analyst will periodically perform a risk assessment to check in on your compliance lifecycle, how you are measuring up, and where you need to focus your risk mitigation activities.
Annual Risk Assessment – At the Premier level only, a Ntirety Compliance Analyst performs an annual assessment evaluating regulatory information to determine applicability of the regulations and your organization’s compliance risk. Following the assessment, Ntirety will provide suggestions on key areas for improvement.
Risk Assessment Reports – Ntirety Risk Assessment Reports present and summarize the results of your risk assessment and allow your organization the opportunity to review the information collected and perform risk mitigation activities to remedy or minimize your overall risk. The structure and process of these risk assessments allow your organization to prioritize mitigation efforts, create benchmarks for effectively tracking the benefits of mitigation strategies, and help identify security vulnerabilities, inefficiencies, and non-compliances.
Payment Card Industry Data Security Standard (PCI DSS)
What is PCI?
PCI is designed to help ensure customer credit/debit card data, account information, and transaction information is safe from hackers or any malicious system intrusion.
Who is required to be compliant?
Any organization that processes credit/debit card information, including merchants and third-party service providers that store, process, or transmit credit/debit card data.
How does Ntirety help?
Ntirety can help you address a subset of the 12 major requirements listed in the PCI DSS.
| The PCI DSS States You Must: | Ntirety Can: |
| --- | --- |
| 1. Install and maintain a firewall configuration to protect cardholder data; 2. Do not use vendor-supplied defaults for system passwords and other security parameters | Build and Maintain a Secure Network |
| 3. Protect stored cardholder data; 4. Encrypt transmission of cardholder data across open, public networks | Protect Cardholder Data |
| 5. Use and regularly update anti-virus software or programs; 6. Develop and maintain secure systems and applications | Maintain a Vulnerability Management Program |
| 7. Restrict access to cardholder data by business need-to-know; 8. Assign a unique ID to each person with computer access; 9. Restrict physical access to cardholder data | Implement Strong Access Control Measures |
| 10. Track and monitor all access to network resources and cardholder data; 11. Regularly test security systems and processes | Regularly Monitor and Test Networks |
| 12. Maintain a policy that addresses information security for all personnel | Maintain an Information Security Policy |
Health Insurance Portability and Accountability Act (HIPAA)
What is HIPAA?
HIPAA regulates the use and disclosure of an individual’s health information and gives patients greater control over the use of that information.
Who is required to be compliant?
Any covered entity, defined as health care providers, health plans, and health care clearinghouses, that collects and uses individually identifiable health information.
How does Ntirety help?
Ntirety offers industry-leading, HIPAA-compliant, and HITRUST-certified solutions, including the following components:
- Firewall
- Intrusion detection and prevention
- Multi-factor authentication
- SSL and VPN
- Web application firewall
- File integrity monitoring
- Security event log management and monitoring
Health Information Trust Alliance (HITRUST) Common Security Framework (CSF)
What is HITRUST CSF?
A HITRUST Common Security Framework certification demonstrates that Ntirety meets specific healthcare regulations and requirements for protecting and securing sensitive private healthcare information.
Who can earn this certification?
Only organizations that meet certain requirements and receive a passing score after rigorous auditing can claim they are HITRUST CSF certified, which is why working with HITRUST-certified vendors instills confidence in your customers.
How does Ntirety help?
Ntirety’s HITRUST certification extends to our entire infrastructure, data centers, backup applications, multitenant solutions, dedicated servers, storage, and networking, which means you can rest assured knowing that your sensitive data is safely—and compliantly—guarded.
Family Educational Rights and Privacy Act (FERPA)
What is FERPA?
FERPA is a federal law within the United States that ensures students’ paper and electronic education records stay private.
Who is required to be compliant?
This law applies to all public schools and state or local education agencies that receive federal education funds. Organizations that host and/or develop Integrated Data System (IDS) software must also ensure they are compliant with FERPA.
How does Ntirety help?
We offer FERPA-compliant, fully managed solutions that safely host a wide variety of applications, alongside security experts that eliminate the complexity in establishing and maintaining FERPA compliance:
- Content Management Solutions
- Digital education
- On-demand learning materials and webinars
- Academic research data
- Digital media for speaking events, sports events, and fine arts performances
Our solutions will help you meet FERPA guidelines by allowing you to:
Safeguard Your Records in the US: Educational records covered under FERPA include medical and health records, emergency contact information, grades, test scores, and much more. With multiple data centers spread across the country, our solutions allow you to host and backup this sensitive data in the United States, which makes FERPA compliance less complex.
Protect Your Data with Appropriate Safeguards: Ntirety implements the appropriate administrative, physical, and technical safeguards to store, maintain, and protect electronic student education records in accordance with FERPA regulations.
Partner with Experts: As one of the few managed hosting providers to hold a full suite of compliance certifications, Ntirety’s expert security team eliminates the complexity in establishing and maintaining FERPA compliance.
California Consumer Privacy Act (CCPA)
What is CCPA?
This privacy law grants any California consumer the right to:
• Know what personal data is being collected about them
• Know whether their personal data is sold or disclosed and to whom
• Say no to the sale of personal data
• Access their personal data
• Request a business delete any personal information about a consumer collected from that consumer
• Not be discriminated against for exercising their privacy rights
What are CCPA Requirements?
For businesses that must adhere to CCPA law, compliance breaks down into 5 main requirements:
1. Data inventory and mapping of in-scope personal data and instances of “selling” data
2. New individual rights to data access and erasure
3. New individual right to opt-out of data selling
4. Updating service-level agreements with third-party data processors
5. Remediation of information security gaps and system vulnerabilities
Does Your Business Have to Comply with CCPA?
Any for-profit organization doing business in California that collects consumers’ personal data and meets the following qualifiers must comply with CCPA:
• Has annual gross revenues in excess of $25 million
• Annually buys, receives for the business’ commercial purposes, sells or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices
• Derives 50% or more of its annual revenues from selling consumers’ personal information
General Data Protection Regulation (GDPR)
What is GDPR?
The General Data Protection Regulation is a regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area.
Who is required to be compliant?
This law applies to any organization that provides services to the EU, has an ‘establishment’ in the EU regardless of where you process personal data, or has employees or clients from the EU.
How does Ntirety help?
We offer GDPR-compliant, fully managed solutions that safely host a wide variety of applications, alongside security experts that eliminate the complexity in establishing and maintaining GDPR compliance:
- Risk Assessment
- Gap Analysis
- Awareness Training
- Table top exercises – Guided Discussion in BCP & DR
- Asset Inventory
- Breach Response
- Incident Response or Testing
- Mapping Frameworks (ISO 27001 to GDPR)