Comply with Regulations


Our Compliance services are designed to help organizations understand the laws and regulations that apply to them, such as the HIPAA Security Rule or the Federal Information Security Management Act (FISMA), and take the steps necessary to comply with them. We can assist you by performing an assessment to determine your organization’s compliance with applicable laws and regulations and reporting on the results of that assessment.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) took effect in May 2018. It changed the way businesses and organizations handle personal information. Because of the rapid pace of technological change, digital information is being created, used, stored and distributed on a very large scale.

HIPAA Security Rule

If your organization is defined as a covered entity or a business associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and handles electronic protected health information (“ePHI”), you are required to implement the policies necessary to secure such information in accordance with the HIPAA Security Rule.

FISMA/NIST Assessment

AARC-360 can assist organizations that are required to comply with the Federal Information Security Management Act (FISMA) and that may need an independent assessment of their security controls in accordance with the National Institute of Standards and Technology (“NIST”) Special Publication 800-53 Rev. 4 (“SP 800-53”).

Minimum Acceptable Risk Standards For Exchanges (MARS-E)

The enactment of the Patient Protection and Affordable Care Act (ACA) of 2010 led to the creation of the federal and state Health Insurance Exchanges (HIXs, or marketplaces), which facilitate the purchase of health insurance by consumers and small businesses.

Publication 1075

Internal Revenue Service Publication 1075 (IRS 1075) provides guidance to ensure the policies, practices, controls, and safeguards employed by recipient agencies, agents, or contractors adequately protect the confidentiality of Federal Tax Information (FTI).

Gramm–Leach–Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (GLBA) of 1999 requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.

California Consumer Privacy Act (CCPA)

Last year, the State of California passed a crucial privacy law that gives consumers far more control over their data. The act gives residents the right to control what information companies collect about them and how that information is used.

DFARS &amp; NIST SP 800-171

DFARS 252.204 and NIST SP 800-171 define the specific controls an organization must have in place to protect Controlled Unclassified Information (“CUI”) and comply with these requirements.

Ready To Talk?

We appreciate you visiting our website. While we have provided information about us and the services we offer, there is no substitute for a detailed conversation that gives us the opportunity to understand your requirements and get to know you and your organization better, so that we can provide you with our thoughts and guidance.