Most healthcare, financial, educational, criminal justice and government organizations have to comply with a multitude of regulations, whether those regulations relate to protected data, public companies, specific heavily regulated verticals or geographic restrictions.
One of the greatest barriers to cloud adoption has become the lack of a clear understanding of the shared-responsibility compliance model within AWS and cloud computing in general.
Heavily regulated organizations need to balance supporting innovation through leveraging the benefits of the cloud with having a risk-based governance structure that includes clear and firm policies, procedures and personnel controls.
OC4 works with customers to overcome cloud adoption apprehension and to analyze the specific governance, risk, compliance, and security implications that each customer faces. OC4 will advise on how AWS and the AWS Marketplace solutions enable customers to maintain the requisite level of security and control of their users and their data. OC4 will assist in defining and documenting the customer's cloud strategy and governance model, as well as the necessary security design and configuration, required to understand and comply with the shared-responsibility compliance model.
For organizations that need assistance beyond consultative guidance, OC4 will assist customers with creating a custom cloud governance, risk and compliance roadmap tailored to the particular regulatory requirements that the individual customer is subject to. This involves creating a cloud security and compliance roadmap and a detailed security and compliance design, including recommendations as to the specific AWS or third-party tools and technologies that are best suited to each customer's unique needs and requirements.
OC4 works with Customers in support of Federal and State regulatory requirements such as:
• Cal. Civ. Code § 1789.81.5(b),
• MA 201 CMR 17.00 et seq.,
• Nev. Rev. Stat. § 597.970 (2005),
• Nev. SB 227,
• Nev. Rev. Stat. § 603A et seq.,
• R.I. Gen. Laws § 11-49.2-2(2) (2006);
• Tex. Bus. & Com. Code § 48.102(a) (2006).
Frameworks such as:
• CMS Edge,
Attestations and Certifications such as:
• ISO 9001,
• ISO 27001,
• PCI DSS (Level 1),
• SOC 1, SOC 2, & SOC 3,
• SEC Rule 17-a-4(f).