IT Governance is quickly becoming an area in which all businesses must have an experienced partner. Whether you accept credit cards and must adhere to PCI, you're part of a supply chain and a HIPAA Business Associate, or you are subject to any number of other governance frameworks such as GDPR, ISO or NIST, Contigo Technology can help you get there. Identifying, understanding and managing your risks is at the core of any IT best practices program. Having an experienced partner to guide you is critical. Contigo can help.

Having a good compliance partner is important because the government, your suppliers and customers require it. Ignoring these requirements can have serious consequences. IT governance provides a structure for aligning IT strategy with business and regulatory strategy. The NIST Cybersecurity Framework does this. The need to protect confidential information, patient information (HIPAA), personally identifiable information (PII), client information, business information and more is paramount to keep businesses running smoothly and in compliance with regulators and stakeholders. New laws and compliance requirements are coming online all the time. If you’re a business that traditionally had no requirements regarding information or IT, it's likely that will change soon. If you have clients or employees in Europe, you are subject to GDPR. New state laws have similar requirements if you have clients or employees in California and New York. Large fines are associated with each new governmental agency and its requirements. The passage of Texas Senate Bill 820, which went into effect for Texas school districts regarding cybersecurity policies, could foreshadow what will be required of all Texas businesses in the near future. Contigo can help you get there.

Contigo utilizes the NIST Cybersecurity Framework as best practices when assisting clients with their compliance and governance requirements. The NIST Cybersecurity Framework is guidance provided by the Federal Government through the National Institute of Standards and Technology (NIST), with extensive private sector and academia input, in response to Presidential Executive Order (EO) 13636 expressing the need to improve Critical Infrastructure Cybersecurity. With the proliferation of ransomware, account takeovers and Trojan horses from organized crime and state-sponsored hackers, a good cybersecurity policy and plan is business critical, and not just for the regulated verticals. Most IT regulatory and compliance standards are derived from the NIST Cybersecurity Framework and follow its tenets of:

  • IDENTIFY: Identify and control who has access to your business information
  • PROTECT: Protect your systems, information and networks with patches, encryption and antivirus
  • DETECT: Update security programs and maintain and monitor logs
  • RESPOND: Develop a plan for disasters and information security incidents
  • RECOVER: Make full backups of important business data and improve processes/procedures/technologies

Call Contigo and let us talk to you about your requirements or need for best practices. We’d like to talk to you about the process of utilizing the NIST Cybersecurity Framework to put you in the best possible IT security posture without disrupting your business.