Regulatory Compliance

Tehama takes the heavy lifting out of compliance, making it easier for your organization to meet specific regulatory requirements.

SOC 2 Type II Certification
SOC (Service Organization Controls) certifications are the internal data protection controls that are implemented at a third-party service organization. SOC certifications protect the systems or data that are being accessed by third-parties. SOC 2 Type II reports are the most comprehensive SOC certifications. A company that has achieved SOC 2 Type II certification is taking a proactive approach and investing in keeping its clients’ data secure. For service providers working with cloud and IT services, this certification is critical for their regulators, examiners, and auditors.
Typically, an MSP will choose to be evaluated against the security, availability, and confidentiality categories. Data security is critical to the livelihood of MSPs, and taking a proactive approach with critical controls is a huge differentiator from competitors.
Achieving SOC 2 Type II compliance takes a dedicated compliance team, regular audits, and engaging an independent third party to produce bi-annual reviews. The costs can easily reach hundreds of thousands of dollars.
With Tehama you can leverage a SOC 2 Type II end-user compute environment and achieve and maintain regulatory compliance requirements for heavily regulated industries such as banking, financial services, health care, energy and utilities, insurance and government enterprises. The Tehama solution has 81 SOC 2 Type II controls built into the platform, saving you time and resources on your internal SOC 2 Type II audits.
SOC 2 Type II Certification
NYDFS 23 NYCRR 500 Regulation
The State of New York is the first state to introduce a cybersecurity regulation designed to protect the financial services’ critical infrastructure. The NY Department of Financial Services (NYDFS) introduced the NYDFS Cybersecurity Regulation (23 NYCRR 500) that imposes new cybersecurity requirements on all covered financial institutions.
The 23 NYCRR 500 Regulation applies to all businesses operating under or required to operate under DFS licensure, registration, or charter, or which are otherwise DFS-regulated, as well as, by extension, unregulated third-party service providers to regulated entities.
Accelerate Your Compliance With Tehama Section 500.11 requires all financial services (covered entities) to comply with the Third Party Service Provider Security Policy regulation. “Section 500.11 Third Party Service Providers.
In Tehama, financial services organizations can set cybersecurity policies such as treatment of data, access to sensitive data, privileged credential management and obfuscation, nationality and secret clearance access, geo-fencing access with partner IAM solutions, and additional compliance regulations for third-party service providers. Tehama can track how third parties, such as service providers are adhering to their policies and prevent them from delivering or accessing critical systems if they fail to comply with the policies.
Tehama Applies Several Layers Of Protection To Adhere To Section 500.11B.
Via deep audit, activity logging and session recordings, the financial services institution can track every single person within the service provider entity or sub-contractor’s activity while delivering services on mission critical and data sensitive assets.
NYDFS 23 NYCRR 500 Regulation
NERC & CIP
The North American Electric Reliability Corporation (NERC) is a non-profit international regulatory authority that oversees the effective and efficient reduction of risks to the reliability and security of the grid.
NERC develops and enforces Reliability Standards. NERC CIP v5 addresses cyber-related risks facing this sector by promoting organizations to categorize Bulk Electric Systems (BES) into high, medium, and low impact. Once categorized, BES assets can have appropriate Critical Infrastructure Protection (CIP) standards applied to address risks.
Tehama’s secure perimeters and firewalls address vulnerabilities encountered during remote access.
NERC & CIP
FIPS
Federal Information Processing Standards (FIPS) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies.
Organizations that use Tehama will be able to take advantage of the platform to meet security requirements for handling data. The platform’s secure perimeters, automated encryption, continuous malware protection, and network segregation protect corporate assets.
Tehama secures data and intellectual property from breaches and abuse. Secure Virtual Workrooms prevent data from escaping. Users and Workroom owners have full visibility into all data and intellectual property used in the Workroom. Because data and IP never leave the Workroom, endpoint devices being lost or stolen don’t pose a threat to data breaches.
FIPS
HIPAA
The Health Insurance Portability and Accountability Act of 1996 is United States legislation that provides data privacy and security provisions for safeguarding medical information.
Tehama’s virtual perimeters ensure that medical records are secure when working with employees or other third-parties. The platform adheres to a zero-trust access model, applying MFA (Multi-Factor Authentication) and network access policies. There is a deep workflow and approval process for granting access to Tehama Workrooms with MFA or SAML/SCIM integration to ensure only trusted and approved members have access to the Workroom.
Tehama focuses on protecting the data and intellectual property from breaches and abuse. Tehama’s secure Workrooms prevent data from escaping. Users and Workroom owners have full visibility into all data and intellectual property used in the Workroom.
HIPAA
PIPEDA
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business.
Tehama’s virtual perimeters ensure that organizations are compliant with PIPEDA. The platform adheres to a zero-trust access model, applying the principle of least privilege, MFA (Multi-Factor Authentication), and network access policies. There is a deep workflow and approval process for granting access to Tehama Workrooms with MFA or SAML/SCIM integration to ensure only trusted and approved members have access to the Workroom.
Tehama focuses on protecting the data and intellectual property from breaches and abuse. Tehama’s secure Workrooms prevent data from escaping. Users and Workroom owners have full visibility into all data and intellectual property used in the Workroom. Because data and IP never leave the Workroom, endpoint devices being lost or stolen don’t pose a threat to data breaches. In this case, Tehama helps enforce requirements for PIPEDA.
PIPEDA
CyberSecure Canada Cybersecurity Controls
The federal government of Canada’s new Centre for Cyber Security CCCS recently announced a new two-year cybersecurity program. The goal of the new program, CyberSecure Canada, is to help small and medium-sized businesses (SMBs) achieve a minimum required level of cybersecurity.
The program is also focused on increasing consumer confidence in the digital economy, promoting international standardization, and giving SMBs the ability to better compete globally.
The certification is comprised of a baseline set of cybersecurity controls developed by the Canadian Centre for Cyber Security. These controls include establishing an incident response plan, regularly patching operating systems and applications, and using security software and securely configuring devices.
Four of these critical controls can be addressed with Tehama to help SMBs achieve certification; strong user authentication, secure perimeters, secured cloud and outsourced IT services, and implementing access controls.
With Tehama’s secure and compliant virtual desktops SMBs can quickly and securely onboard employees and third-party IT services providers to access systems. Tehama enables any end-user device to securely connect to systems without the risk of malware intrusion or data breaches and intellectual property theft.
Tehama provides all the components for secure cloud-based Windows or Linux workspaces, including dedicated encrypted network channels, firewalls, access and role restrictions, MFA user authentication and geo-fencing, storage, and end-user compute infrastructure (virtual and secured desktops with auto-patching and updates to keep your OS secure), and deep audit logs within a secured perimeter called a Workroom—making it easier for you to achieve your cybersecurity goals.
Each secure virtual Workroom is configured to work directly with the organization’s network via the Tehama gateway, which encrypts and restricts all traffic flow to within your network only. The secured network eliminates the risk of third-party attacks. Virtual desktops are accessible via the Tehama Web UI — that requires strong MFA authentication.
Session recordings show all user activity performed in a Workroom, right down to the keystroke, for exceptionally accurate auditing as well as forensic analysis and live viewing for training and monitoring purposes. The File Vault is an encrypted storage volume that enables secure information-sharing, fully isolated from any other Workrooms to ensure zero data leakage. The Secrets Vault provides secure storage of credentials and firewall rules for privileged-access assets — with masking to prevent the possibility of copying credentials outside the Tehama platform.
Tehama allows you to set strict policies for data and application access with robust user identity management and “just-in-time” user provisioning through SCIM and SAML. Access to credentials and other assets is available only after successful two-factor authentication and single-use passwords prevent access after a session has ended.
CyberSecure Canada Cybersecurity Controls
Transition Lines

How Tehama Rapidly Enabled a Virtual Call Center for a Major Marketing Agency

Leveraging Tehama’s cloud infrastructure, virtual Workrooms and virtual desktops generated several immediate and long-term benefits for this large multichannel marketing company – not least of which was the ability to uphold agreed-upon compliance, security and service standards during their client’s successful product launch.

Go to case study

Securely Manage All Users

Tehama allows you to set strict policies for data and application access with robust user identity management and “just-in-time” user provisioning through SCIM and SAML.

Book a Demo
search
Loader
X