Regulatory Compliance

SOC (Service Organization Controls) certifications are the internal data protection controls that are implemented at a third-party service organization. SOC certifications protect the systems or data that are being accessed by third-parties. SOC 2 Type II reports are the most comprehensive SOC certifications. A company that has achieved SOC 2 Type II certification is taking a proactive approach and investing in keeping its clients’ data secure. For service providers working with cloud and IT services, this certification is critical for their regulators, examiners, and auditors.

Typically, an MSP will choose to be evaluated against the security, availability, and confidentiality categories. Data security is critical to the livelihood of MSPs, and taking a proactive approach with critical controls is a huge differentiator from competitors.

Achieving SOC 2 Type II compliance takes a dedicated compliance team, regular audits, and engaging an independent third party to produce bi-annual reviews. The costs can easily reach hundreds of thousands of dollars.

The State of New York is the first state to introduce a cybersecurity regulation designed to protect the financial services’ critical infrastructure. The NY Department of Financial Services (NYDFS) introduced the NYDFS Cybersecurity Regulation (23 NYCRR 500) that imposes new cybersecurity requirements on all covered financial institutions.

The 23 NYCRR 500 Regulation applies to all businesses operating under or required to operate under DFS licensure, registration, or charter, or which are otherwise DFS-regulated, as well as, by extension, unregulated third-party service providers to regulated entities.

Accelerate Your Compliance With Tehama Section 500.11 requires all financial services (covered entities) to comply with the Third Party Service Provider Security Policy regulation. “Section 500.11 Third Party Service Providers.

In Tehama, financial services organizations can set cybersecurity policies such as treatment of data, access to sensitive data, privileged credential management and obfuscation, nationality and secret clearance access, geo-fencing access with partner IAM solutions, and additional compliance regulations for third-party service providers. Tehama can track how third parties, such as service providers are adhering to their policies and prevent them from delivering or accessing critical systems if they fail to comply with the policies.

The North American Electric Reliability Corporation (NERC) is a non-profit international regulatory authority that oversees the effective and efficient reduction of risks to the reliability and security of the grid.

NERC develops and enforces Reliability Standards. NERC CIP v5 addresses cyber-related risks facing this sector by promoting organizations to categorize Bulk Electric Systems (BES) into high, medium, and low impact. Once categorized, BES assets can have appropriate Critical Infrastructure Protection (CIP) standards applied to address risks.

Federal Information Processing Standards (FIPS) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies.

Organizations that use Tehama will be able to take advantage of the platform to meet security requirements for handling data. The platform’s secure perimeters, automated encryption, continuous malware protection, and network segregation protect corporate assets.

The Health Insurance Portability and Accountability Act of 1996 is United States legislation that provides data privacy and security provisions for safeguarding medical information.

Tehama’s virtual perimeters ensure that medical records are secure when working with employees or other third-parties. The platform adheres to a zero-trust access model, applying MFA (Multi-Factor Authentication) and network access policies. There is a deep workflow and approval process for granting access to Tehama Workrooms with MFA or SAML/SCIM integration to ensure only trusted and approved members have access to the Workroom.

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business.

Tehama’s virtual perimeters ensure that organizations are compliant with PIPEDA. The platform adheres to a zero-trust access model, applying the principle of least privilege, MFA (Multi-Factor Authentication), and network access policies. There is a deep workflow and approval process for granting access to Tehama Workrooms with MFA or SAML/SCIM integration to ensure only trusted and approved members have access to the Workroom.

federal government of Canada’s new The Centre for Cyber Security CCCS recently announced a new two-year cybersecurity program. The goal of the new program, CyberSecure Canada, is to help small and medium-sized businesses (SMBs) achieve a minimum required level of cybersecurity.

The program is also focused on increasing consumer confidence in the digital economy, promoting international standardization, and giving SMBs the ability to better compete globally.

The certification is comprised of a baseline set of cybersecurity controls developed by the Canadian Centre for Cyber Security. These controls include establishing an incident response plan, regularly patching operating systems and applications, and using security software and securely configuring devices.

Four of these critical controls can be addressed with Tehama to help SMBs achieve certification; strong user authentication, secure perimeters, secured cloud and outsourced IT services, and implementing access controls.

With Tehama’s secure and compliant virtual desktops SMBs can quickly and securely onboard employees and third-party IT services providers to access systems. Tehama enables any end-user device to securely connect to systems without the risk of malware intrusion or data breaches and intellectual property theft.

Tehama provides all the components for secure cloud-based Windows or Linux workspaces, including dedicated encrypted network channels, firewalls, access and role restrictions, MFA user authentication and geo-fencing, storage, and end-user compute infrastructure (virtual and secured desktops with auto-patching and updates to keep your OS secure), and deep audit logs within a secured perimeter called a Workroom—making it easier for you to achieve your cybersecurity goals.

Each secure virtual Workroom is configured to work directly with the organization’s network via the Tehama gateway, which encrypts and restricts all traffic flow to within your network only. The secured network eliminates the risk of third-party attacks. Virtual desktops are accessible via the Tehama Web UI — that requires strong MFA authentication.

Session recordings show all user activity performed in a Workroom, right down to the keystroke, for exceptionally accurate auditing as well as forensic analysis and live viewing for training and monitoring purposes. The File Vault is an encrypted storage volume that enables secure information-sharing, fully isolated from any other Workrooms to ensure zero data leakage. The Secrets Vault provides secure storage of credentials and firewall rules for privileged-access assets — with masking to prevent the possibility of copying credentials outside the Tehama platform.