IT Compliance & Data Governance

The IT governance and compliance needs of businesses vary widely. For small businesses, IT governance is often an informal process for the management of services that support the business. For larger companies, IT governance is a framework – a significant set of policies, procedures, and controls – that is applied organization-wide to enforce corporate standards and assure regulatory compliance. Common compliance frameworks include HIPAA, GDPR, CIS, NIST, and more.

A governance framework helps you define and enact standards for disaster recovery, business continuity, online backup, and business resumption processes. iCorps’ experienced and certified professionals can help identify a suitable framework to ensure that you follow policies, procedures, and documentation, then assess, create, and maintain these critical procedures for companies of all sizes. Your IT governance framework helps ensure that you are compliant with the specific regulations that apply to your organization and industry. iCorps’ technical experts can help you enforce governance of the technologies across your organization, including:


Compliance Roadmap

Identify Risk

Compliance starts with visibility. Conduct a 360° Security or Compliance Benchmark assessment.

Incorporate a Framework

Classify data according to the most relevant and restrictive compliance frameworks. Customize controls to meet organization-specific requirements.

Enforce Policies

Maintain data protection and retention policies, monitor user access, and respond to suspicious activity.

Top Regulatory Compliance Frameworks

GDPR

The EU General Data Protection Regulation (GDPR) is effective as of May 25, 2018. It affects all organizations that hold personal data on EU citizens, regardless of where the organization is based in the world. Implementing a data protection strategy that includes encryption and anti-malware security is vital.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) applies to any organization that collects, stores, or shares protected health information (PHI), including health plans, healthcare clearinghouses, and providers who conduct financial and administrative transactions electronically, like hospitals.

CIS Critical Security Controls

The CIS Critical Security Controls provide a catalog of prioritized guidelines and steps for resilient cyber defense and information security mitigation approaches. This gives organizations an organized security action plan to stay compliant with major industry regulations like HIPAA, PCI DSS, and more.

NIST Cybersecurity Framework

The National Institute of Standards and Technology (NIST) Cybersecurity Framework consists of standards and best practices to manage cyber risk. It was developed with a focus on industries vital to national and economic security, including energy, banking, communications, and the defense industrial base.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of twelve security standards to ensure that all companies and vendors that accept, process, store, or transmit credit card and financial information secure it, protecting cardholders against misuse of their personally identifiable information (PII).

Sarbanes-Oxley (SOX)

The Sarbanes-Oxley Act of 2002, aka the Public Company Accounting Reform and Investor Protection Act, responded to a number of major corporate and accounting scandals. All publicly traded companies are required to comply, and a number of the Act’s provisions apply to privately held companies.

ISO/IEC 27001

ISO 27001 is an international standard published by the International Organization for Standardization (ISO). It provides a methodology for information security management. The focus of ISO 27001 is to protect the confidentiality, integrity, and availability of a company’s information.

NYDFS 23 NYCRR Part 500

The New York State Department of Financial Services (NYDFS) issued 23 NYCRR Part 500 – Cybersecurity Requirements for Financial Services Companies – to ensure financial firms maintain minimum cybersecurity standards to protect consumers and prevent cyberattacks to the fullest extent possible.