Compliance Overview

The Cingo Gap: Compliance and Cyber Security

Why Compliance?

Robust Compliance

Cingo is your one-stop shop for compliance and cybersecurity. We are a SOC compliance provider that specializes in HIPAA, PCI, CCPA, and other industry-specific regulations. We support organizations, both large and small, throughout the US.

Compliance looks different in every industry. That’s why we offer a wide range of compliance options, extending from HIPAA to FDIC. We have you covered!

Our Specialty

Compliance Solutions

Financial

FDIC – The Federal Deposit Insurance Corporation (FDIC) is a US government agency that provides insurance to protect depositors in the event that their bank fails.

NCUA – The National Credit Union Administration (NCUA) is a US government agency that provides insurance to protect depositors in credit unions in the event that their credit union fails.

OCC – The Office of the Comptroller of the Currency (OCC) is a US government agency that regulates and supervises national banks and federal savings associations.

CFPB – The Consumer Financial Protection Bureau (CFPB) is a US government agency that is responsible for protecting consumers in the financial marketplace by regulating financial products and services.

State Regulators – State regulators are government agencies that oversee financial institutions that operate within their respective states.

BSA – The Bank Secrecy Act (BSA) is a US federal law that requires financial institutions to keep records of transactions over $10,000 and report suspicious activity to the government.

State Data Protection Laws – State Data Protection Laws are regulations that require financial institutions to protect sensitive customer data from unauthorized access, use, or disclosure.

FFIEC – The Federal Financial Institutions Examination Council (FFIEC) is an interagency body that sets standards for financial institutions’ regulatory compliance.

Healthcare

HIPAA – The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that regulates the use and disclosure of protected health information (PHI) by healthcare providers, insurers, and related organizations.

State Data Protection Laws – State Data Protection Laws are regulations that require healthcare organizations to protect sensitive patient data from unauthorized access, use, or disclosure.

State Regulators – State regulators are government agencies that oversee financial institutions that operate within their respective states.

Law Firms

Regulations – Law firms must comply with all regulations that apply to their clients, including financial, healthcare, and other regulations.

Accounting

SEC – The Securities and Exchange Commission (SEC) is a US government agency that regulates the securities industry and protects investors.

Record Keeping – Accountants must keep accurate records of financial transactions and financial statements.

Anti-Money Laundering – Accountants must take steps to prevent money laundering and report suspicious financial activity.

State Data Protection Laws – State Data Protection Laws are regulations that require accountants to protect sensitive client data from unauthorized access, use, or disclosure.

State Regulators – State regulators are government agencies that oversee financial institutions that operate within their respective states.

Insurance

State Regulators – State regulators are government agencies that oversee financial institutions that operate within their respective states.

State Data Protection Laws – State Data Protection Laws are regulations that require nonprofits to protect sensitive customer data from unauthorized access, use, or disclosure.

Record Retention – State Data Protection Laws are regulations that require insurance agents to protect sensitive customer data from unauthorized access, use, or disclosure.

Nonprofits 501(c)(3)

State Regulators – State regulators are government agencies that oversee financial institutions that operate within their respective states.

Manufacturing

FedRAMP – Federal Risk and Authorization Management Program (FedRAMP) is a US government program that provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud products and services used by federal agencies.

NIST – National Institute of Standards and Technology (NIST) is a US government agency that develops standards, guidelines, and best practices for a wide range of industries, including manufacturing, to help ensure the confidentiality, integrity, and availability of information and information systems.

DISA – United States Defense Information Systems Agency (DISA) is a US government agency that provides information technology (IT) and communication support to the US Department of Defense.

NARA – The National Archives and Records Administration (NARA) is a US government agency that is responsible for preserving and providing access to government records.

COPPA – Children’s Online Privacy Protection Act (COPPA) is a US federal law that requires website operators to obtain verifiable parental consent before collecting personal information from children under the age of 13.

FERPA – The Family Educational Rights and Privacy Act (FERPA) is a US federal law that protects the privacy of student education records and gives parents and eligible students certain rights with respect to those records.

HECVAT – Higher Education Cloud Vendor Assessment Toolkit (HECVAT) is a toolkit developed by the higher education community to help colleges and universities evaluate the security and privacy practices of cloud service providers.

eCommerce

SOC 2 Type 2 – SOC 2 Type 2 compliance is a certification that demonstrates a company has implemented and follows strict information security policies and procedures to protect customer data. It involves an independent auditor evaluating the company’s controls to ensure they are effective and operating as intended.

PCI – Payment Card Industry (PCI) compliance is a set of security standards that all businesses accepting credit and debit card payments must adhere to. It requires businesses to implement certain safeguards to protect the confidentiality, integrity, and availability of cardholder data during transmission, storage, and processing.

DSS – Payment Card Industry (PCI) Data Security Standards (DSS) is a set of security standards developed by the payment card industry to help protect against credit card fraud and other security breaches.

CCPA – The California Consumer Privacy Act (CCPA) is a state law in California that gives California residents certain rights with respect to their personal information, including the right to know what information is being collected, the right to request that information be deleted, and the right to opt out of the sale of personal information.