Regulatory Compliance Programs
HIPAA. FTC Safeguards. SEC Reg S-P. NAIC Model Law. NYDFS Part 500.
A compliance program is not a binder on a shelf. It is a living instrument: a written program, evidence of its execution, and a record of decisions made and revisited over time. Regulators do not audit intentions; they audit documentation.
We build compliance programs that are structured to be defended — in a Health & Human Services investigation, an FTC examination, an SEC deficiency letter, a state insurance-department inquiry, or a plaintiff’s discovery request following a breach.
Frameworks We Support
- HIPAA Security Rule (45 CFR Part 164, Subpart C) and Breach Notification Rule (Subpart D)
- FTC Standards for Safeguarding Customer Information, 16 CFR Part 314
- IRS Publication 4557 (Safeguarding Taxpayer Data)
- SEC Regulation S-P, including 2024 amendments
- NAIC Insurance Data Security Model Law
- NYDFS 23 NYCRR Part 500
