Drupal Compliance


HIPAA, NIST, PCI, Section 508. Having trouble making sense of all this compliance? Did you just find out your Drupal website needs to be 508 or HIPAA compliant and aren't sure where to start? Call Peerless Design. We will help you understand and comply with the standards needed to launch your project.

Section 508 Compliance

In 1998 the US Congress amended the Rehabilitation Act to require Federal agencies to make their electronic and information technology accessible to people with disabilities. Section 508 was enacted to eliminate barriers in information technology, to make available new opportunities for people with disabilities, and to encourage development of technologies that will help achieve these goals. The law applies to all Federal agencies when they develop, procure, maintain, or use electronic and information technology. Under Section 508 (29 U.S.C. § 794d), agencies must give disabled employees and members of the public access to information that is comparable to the access available to others.

Peerless Design provides 508 compliance audit and remediation to ensure your website meets the requirements to pass a Section 508 audit.

Peerless Design will:

  • Evaluate system for Section 508 Compliance
  • Provide a detailed report of the current status and fixes
  • Assist in making necessary changes to ensure compliance
  • Provide tools to ensure compliance
  • Complete periodic reviews to ensure future compliance

HIPAA Compliance

“Individually identifiable health information” is information, including demographic data, that relates to:

  • The individual’s past, present or future physical or mental health or condition

  • The provision of health care to the individual

  • The past, present, or future payment for the provision of health care to the individual

  • Any information that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.

Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).

A person who knowingly obtains or discloses individually identifiable health information in violation of the Privacy Rule may face a criminal penalty of up to $50,000 and up to one-year imprisonment. The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to 10 years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain or malicious harm. The Department of Justice is responsible for criminal prosecutions under the Privacy Rule.

Peerless Design provides HIPAA compliance audit and remediation to ensure your website meets the requirements to pass a HIPAA audit.

Peerless Design will:

  • Evaluate system for HIPAA Compliance
  • Provide a detailed report of the current status and fixes
  • Assist in making necessary changes to ensure compliance
  • Provide tools to ensure compliance
  • Complete periodic reviews to ensure future compliance

PCI Compliance

Version 3.0 of the PCI compliance standard has been mandatory since January 1st, 2015 and is a complete game changer for most Drupal eCommerce sites. The new version added a ‘Best Practices for Implementing PCI’ section, aiming to turn compliance into a ‘business as usual’ process. A good example of this is how it aims to make PCI DSS compliance ‘continuous’ rather than an annual validation exercise. The new version emphasizes the need to establish a culture of security through more education to maintain and drive accountability throughout the organization. It also calls out the need for more processes to ensure that payments are secure, rather than merely ensuring that a merchant has a specific security technology in place.

Peerless Design provides PCI compliance audit and remediation to ensure your website meets the requirements to pass a PCI audit.

Peerless Design will:

  • Evaluate system for PCI Compliance
  • Provide a detailed report of the current status and fixes
  • Assist in making necessary changes to ensure compliance
  • Provide tools to ensure compliance
  • Complete periodic reviews to ensure future compliance
