Compliance
Services

Floating Item
As companies grow and evolve, they often must deal with one form of compliance if not multiple! Most IT companies can offer rudimentary technical support. However, one of our main differentiators is our compliance services. Often growing companies need to seek a 3rd party consulting firm outside of their IT department to handle the compliance. Not with ICE! We have helped countless companies with a variety of compliance requirements over the years.
Not only do we staff compliance specialists that can be assigned to your technical team of experts, but we also are SOC 2 Type II Certified. If your company is looking for
help with compliance from an IT provider they must have their SOC 2 certification, and only about 5% of managed IT providers have their actual certification.
Time consuming and tedious compliance can chew up an immense amount of time and resources. With ICE, your teams can remain focused on growing your core business while we take care of the rest!

Types Of Compliance We Can Assist You With:

Here are some
recent examples
of companies
we helped with
their compliance:

Biotech Company Enlists
ICE Consulting’s Assistance
in ISO 27001 Compliance

Industry: Biotech & Life Sciences
Company size: 1,000+ Employees ($4 Billion Market Cap)
Location: South San Francisco, California

Read Case Study

Challenge:

A $100-million-a-year biotech company was seeking compliance based on the ISO 27001:2013 standards published by the International Standards Organization (ISO) located in Switzerland. The ISO 27001 standard is the framework that quantifies the vulnerabilities and threats of the ISMS (information security management system) of an international organization. It includes assessing the processes and policies of how a company uses and controls data. ISO 27001 is considered one of the toughest compliance certifications to obtain and maintain.

Solution:

This synthetic biology company hired ICE Consulting for help with the IT-related portions of both the preparation and evidence gathering phase, and the audit phase of the ISO certification process beginning in 2018. ICE provided the necessary documents for:

  • Capacity planning and incident response planning
  • Diagrams such as network time standards and physical network layout
  • General policy and security consulting
  • Consultation with the company during the audit process to assist and answer questions from the auditors
  • 100+ hours of consultation

Results:

With the help of ICE Consulting’s compliance specialists, our biotech client became ISO 27001 certified in late 2019, and we have continued to help the company maintain its certified status every year since then. We also assisted our client in obtaining an additional ISO certification for the manufacture of medical equipment, ISO 13485.

ICE Helps Medical Technology Company
Meet Hi-Trust Compliance—HIPAA
on Steroids

Industry: Biotech & Life Sciences
Company size: 1,000+ Employees ($4 Billion Market Cap)
Location: South San Francisco, California

Read Case Study

Challenge:

A medical technology company was seeking compliance based on the Hi-Trust standards. Hi-Trust represents to patients and physicians that the technology provider has met the standards for identity and medical data protection. Hi-Trust has been called “HIPAA on Steroids” due to the requirements dictated for protecting patient information.

Solution:

ICE Consulting provided assistance in the following areas:

  • Preparation and evidence-gathering phase, and the audit phase of the certification process beginning in fall of 2020
  • Established company policies working with the company’s IT and HR departments and key personnel
  • Set up and monitored IT-related mechanisms necessary to implement the newly created policies
  • Assisted during the audit process to answer questions from the auditors.

Results:

The company became Hi-Trust certified in late 2021. Moving forward, we will help them maintain their certified status by supporting this client with our Security Operations Center (SOC) using tools such as Securonix Security Incident and Event Management (SIEM), User and Endpoint Behavior Analysis (UEBA), and network Traffic Analysis (NTA) offerings and CheckMK.

US Government Contractor Adopts
NIST 8000-Cybersecurity Framework,
Thanks to Assistance from ICE

Industry: Department of Defense (DOD) Prime Contractor
Company size: 300+ Employees (Private company)
Location: Palo Alto

Read Case Study

Challenge:

This US government contractor is required to comply with the standards of NIST regulation 800-171. The Cybersecurity Framework (CSF) details the policies, procedures, and steps necessary to protect an organization from possible threat situations that government organizations and contractors face from bad actors both internal and external. 

Solution:

ICE worked with the contractor to make the necessary changes to their IT infrastructure. We worked with the customer’s security personnel to set up the right hardware including new next-generation firewalls, advanced management software, and compliant VPN services to meet the standards.

Results: 

Thanks to ICE Consulting, the government contractor met the standards to become NIST 800-171 compliant. ICE is currently assisting the customer on the CMMC (Cybersecurity Maturity Model Certification) process.

Schedule a FREE CONSULTATION
to discuss your compliance needs today!