Regulatory Compliance

Tehama takes the heavy lifting out of compliance, making it easier for your organization to meet specific regulatory requirements.

SOC 2 Type II Certification
SOC (Service Organization Controls) certifications are the internal data protection controls implemented at a third-party service organization. They protect the systems or data being accessed by third parties.
SOC 2 Type II is the most comprehensive SOC certification. A company that achieves SOC 2 Type II certification demonstrates that it is taking a proactive approach and investing in keeping its clients’ data secure. For service providers working with cloud and IT services, this certification is an important benchmark for regulators, examiners, and auditors.
When applying for SOC 2 Type II certification, an MSP, for example, will typically choose to be evaluated against the security, availability, and confidentiality categories. Data security is crucial to an MSP’s livelihood, and taking a proactive approach can provide competitive differentiation.
However, achieving SOC 2 Type II compliance takes a dedicated compliance team, regular audits, and engaging an independent third party to produce bi-annual reviews.
With Tehama, your organization can leverage a SOC 2 Type II end-user compute environment and achieve and maintain regulatory compliance requirements for heavily regulated industries such as banking, financial services, health care, energy and utilities, insurance, and government enterprises. The Tehama solution has 97 SOC 2 Type II controls built into the platform, saving you time and resources on internal SOC 2 Type II audits.
ISO 27001:2022 Certification
ISO 27001:2022 certification is an essential standard for organizations looking to safeguard their information assets and demonstrate a commitment to robust information security management practices. Similar to SOC certifications, ISO 27001:2022 certification assures stakeholders that effective controls are implemented to protect sensitive information.
ISO 27001:2022 certification encompasses a comprehensive framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within an organization. This certification not only addresses the protection of data accessed by third parties, but also ensures the overall security, availability, and confidentiality of information assets across various domains.
Organizations that achieve ISO 27001:2022 certification demonstrate a proactive approach to upholding the security of their clients’ data. Especially critical for service providers operating in cloud computing and IT services, ISO 27001:2022 certification underscores their commitment to meeting regulatory requirements and satisfying the expectations of regulators, examiners, and auditors.
NYDFS 23 NYCRR 500 Regulation
The State of New York is the first state to introduce a cybersecurity regulation designed to protect the financial services’ critical infrastructure. The NY Department of Financial Services (NYDFS) introduced the NYDFS Cybersecurity Regulation (23 NYCRR 500) that imposes new cybersecurity requirements on all covered financial institutions.
The 23 NYCRR 500 Regulation applies to all businesses operating under or required to operate under DFS licensure, registration, or charter, or which are otherwise DFS-regulated, as well as, by extension, unregulated third-party service providers to regulated entities.
Accelerate Your Compliance With Tehama
Section 500.11 requires all financial services (covered entities) to comply with the Third Party Service Provider Security Policy regulation. “Section 500.11 Third Party Service Providers.
In Tehama, financial services organizations can set cybersecurity policies such as treatment of data, access to sensitive data, privileged credential management and obfuscation, nationality and secret clearance access, geo-fencing access with partner IAM solutions, and additional compliance regulations for third-party service providers. Tehama can track how third parties, such as service providers, are adhering to their policies and prevent them from delivering or accessing critical systems if they fail to comply with the policies.
Tehama Applies Several Layers Of Protection To Adhere To Section 500.11B.
Via deep audit, activity logging and session recordings, the financial services institution can track the activity of every single person within the service provider entity or sub-contractor while they deliver services on mission-critical and data-sensitive assets.
NERC & CIP
The North American Electric Reliability Corporation (NERC) is a non-profit international regulatory authority that oversees the effective and efficient reduction of risks to the reliability and security of the grid.
NERC develops and enforces Reliability Standards. NERC CIP v5 addresses cyber-related risks facing this sector by prompting organizations to categorize Bulk Electric Systems (BES) into high, medium, and low impact. Once categorized, BES assets can have appropriate Critical Infrastructure Protection (CIP) standards applied to address risks.
Tehama’s secure perimeters and firewalls address vulnerabilities encountered during remote access.
FIPS
Federal Information Processing Standards (FIPS) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies.
Organizations that use Tehama will be able to take advantage of the platform to meet security requirements for handling data. The platform’s secure perimeters, automated encryption, continuous malware protection, and network segregation protect corporate assets.
Tehama secures data and intellectual property from breaches and abuse. Secure Virtual Workrooms prevent data from escaping. Users and Workroom owners have full visibility into all data and intellectual property used in the Workroom. Because data and IP never leave the Workroom, lost or stolen endpoint devices don’t pose a data breach threat.
HIPAA
The Health Insurance Portability and Accountability Act of 1996 is United States legislation that provides data privacy and security provisions for safeguarding medical information.
Tehama’s virtual perimeters ensure that medical records are secure when working with employees or other third-parties. The platform adheres to a zero-trust access model, applying MFA (Multi-Factor Authentication) and network access policies. There is a deep workflow and approval process for granting access to Tehama Workrooms with MFA or SAML/SCIM integration to ensure only trusted and approved members have access to the Workroom.
Tehama focuses on protecting the data and intellectual property from breaches and abuse. Tehama’s secure Workrooms prevent data from escaping. Users and Workroom owners have full visibility into all data and intellectual property used in the Workroom.
PIPEDA
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business.
Tehama’s virtual perimeters ensure that organizations are compliant with PIPEDA. The platform adheres to a zero-trust access model, applying the principle of least privilege, MFA (Multi-Factor Authentication), and network access policies. There is a deep workflow and approval process for granting access to Tehama Workrooms with MFA or SAML/SCIM integration to ensure only trusted and approved members have access to the Workroom.
Tehama focuses on protecting the data and intellectual property from breaches and abuse. Tehama’s secure Workrooms prevent data from escaping. Users and Workroom owners have full visibility into all data and intellectual property used in the Workroom. Because data and IP never leave the Workroom, lost or stolen endpoint devices don’t pose a data breach threat. In this case, Tehama helps enforce requirements for PIPEDA.
CyberSecure Canada Cybersecurity Controls
The federal government of Canada’s new Canadian Centre for Cyber Security (CCCS) recently announced a new two-year cybersecurity program. The goal of the new program, CyberSecure Canada, is to help small and medium-sized businesses (SMBs) achieve a minimum required level of cybersecurity.
The program is also focused on increasing consumer confidence in the digital economy, promoting international standardization, and giving SMBs the ability to better compete globally.
The certification is comprised of a baseline set of cybersecurity controls developed by the Canadian Centre for Cyber Security. These controls include establishing an incident response plan, regularly patching operating systems and applications, and using security software and securely configuring devices.
Four of these critical controls can be addressed with Tehama to help SMBs achieve certification: strong user authentication, secure perimeters, secured cloud and outsourced IT services, and implementing access controls.
With Tehama’s secure and compliant virtual desktops, SMBs can quickly and securely onboard employees and third-party IT services providers to access systems. Tehama enables any end-user device to securely connect to systems without the risk of malware intrusion or data breaches and intellectual property theft.
Tehama provides all the components for secure cloud-based Windows or Linux workspaces, including dedicated encrypted network channels, firewalls, access and role restrictions, MFA user authentication and geo-fencing, storage, and end-user compute infrastructure (virtual and secured desktops with auto-patching and updates to keep your OS secure), and deep audit logs within a secured perimeter called a Workroom—making it easier for you to achieve your cybersecurity goals.
Each secure virtual Workroom is configured to work directly with the organization’s network via the Tehama gateway, which encrypts and restricts all traffic flow to within your network only. The secured network eliminates the risk of third-party attacks. Virtual desktops are accessible via the Tehama Web UI, which requires strong MFA authentication.
Session recordings show all user activity performed in a Workroom, right down to the keystroke, for exceptionally accurate auditing as well as forensic analysis and live viewing for training and monitoring purposes. The File Vault is an encrypted storage volume that enables secure information-sharing, fully isolated from any other Workrooms to ensure zero data leakage. The Secrets Vault provides secure storage of credentials and firewall rules for privileged-access assets — with masking to prevent the possibility of copying credentials outside the Tehama platform.
Tehama allows you to set strict policies for data and application access with robust user identity management and “just-in-time” user provisioning through SCIM and SAML. Access to credentials and other assets is available only after successful two-factor authentication, and single-use passwords prevent access after a session has ended.