IT Compliance

Am I Compliant?  This is the question many Chief Information Security Officers and IT auditors ask themselves on a daily basis.  It seems like every day a new regulatory requirement and mandate is popping up making you question whether you are in fact compliant.  If it has not been updated, last year’s compliance report was inaccurate the very day it was delivered.  This ever moving target requires a level of insight, automation, and expertise that is difficult for many organizations to staff and support over time.  This often leads to audit times fraught with fear of the unknown, fines, or worse.  Whether it be HIPAA, PCI, OCC, European Data Privacy, NIST, or the myriad other requirements, Prevalent compliance services brings together the leading compliance professionals, best practices approaches, project management, development resources, and technology partnerships to ensure you are able to get ahead of the compliance curve and proactively answer the question “am I compliant?” with an unequivocal “Yes!”.

  • Security Assessment 
  • Company infrastructures have changed radically over time as both business and end user requirements evolve. These changes have created a landscape of networks shaped by countless infrastructure components and security configurations. Most organizations worry about risk exposures created both inadvertently and maliciously to their networks due to these ever increasing complex networks.

    Prevalent Networks professional services organization offers several services in support of identifying risks to existing network and security configurations.

    Prevalent vulnerability assessment services can be tailored based on business and compliance requirements:

    • With prior knowledge of the network environment and/or;
    • Without prior knowledge of the network environment and;
    • Externally without access from the internal network and/or;
    • Internally with full access to all network resources


    These security, vulnerability, and/or configuration assessments offer peace of mind by:

    • Reviewing the existing configuration of network devices and policies against best practice
    • Identification of existing un-patched vulnerabilities that could impact production IT functions
    • Relative risks of vulnerabilities based on asset and network architecture
    • Remediation recommendations
    • Findings reporting to satisfy internal and external compliance requirements


    Regular, on-going assessments assist organizations in making sure changes made between assessments do not introduce additional risk. Additionally, Prevalent Networks can work with your staff to support making the recommended changes should you desire.

  • Compliance Posture Assessment 
  • Are you compliant?  Perhaps you have thought about this question in relationship to the existing regulatory landscape or your internal policies.  Most organizations often struggle with whether they are achieving regulatory, policy, and security compliance.  Others are trying to understand the organizational compliance posture and possible risks associated with non-compliance.  Understanding the risk is critical to peace of mind, reducing corporate liability, and creating a remediation strategy.

    Prevalent Networks consulting services offer your company the ability to get a handle on your existing IT compliance posture.  Prevalent will work with your staff to identify what compliance areas you are concerned with and target IT resources to determine compliance against regulatory, security, and internal standards.  Prevalent utilizes both internally developed and commercially available tools to develop a comprehensive compliance posture assessment report.

    Some of the common compliance regulations we work to identify IT compliance posture against:

    • PCI
    • Sarbanes Oxley
    • HIPAA
    • GLBA
    • SEC
  • Compliance Policy Review and Mapping 
  • As the number of corporate regulations and IT frameworks continue to expand, organizations are looking for ways to confirm that organizational policies are adequate to meet the current challenges. If you have dealt with the following you may want to consider this service:

    • Internal audit requests for new regulatory requirements
    • Management requirements for IT framework integration (ISO, CobiT, ITIL, etc…)
    • Acquisition of another company
    • Recently have gone public
    • Recently opened a US subsidiary
    • Recently started a new line of business in a regulated industry
    • Looking at opportunities in a regulated industry
    • Dealing with the following regulations and not receiving guidance from audit:
      • PCI
      • HIPAA
      • SOX
      • J-SOX
      • State Privacy/Breach Regulations (i.e. CA SB 1386, etc…)


    Prevalent Networks compliance policy review and mapping can confirm and identify your organization’s compliance requirements and map these against existing policies to determine gaps between the existing policy and those required for compliance. Additionally, policy recommendations and guidance will be offered as a roadmap for building new policies.

  • Email and File Archiving Management, Compliance, and Discovery 
  • The management of information has become a critical concern for most companies.  The majority of our clients are facing questions including:

    • How can I get rid of PST and/or NSF files on user desktops?
    • How long should I retain email for?
    • How can I make the most of my storage environment?
    • How can I manage the process of archiving email and ensuring that emails are purged when required?
    • Can I get insight into my emails to make sure users are following regulations and corporate policies?
    • How can I better manage emails from a single location
    • How can I more easily discovery and put emails into litigation hold when my legal team needs this done?
    • How can I reduce the time to recover my email servers from a disaster?


    These and other questions are answered by Symantec’s Enterprise Vault solutions.  Prevalent Networks technical and consulting staff have years of experience implementing and integrating Enterprise Vault as a platform for email mailbox management, email and file archiving management, email compliance, and legal discovery.


    Prevalent Networks offers the following services to assist in the integration of Enterprise Vault into your environment:

    • Email/File Storage Environment Assessment
    • Email and File Retention Policy Review and Recommendations
    • Backup and Recovery Process Review
    • Enterprise Vault Architecture and Design Based on Symantec and Industry Best Practices
    • Enterprise Vault Technical Implementation and Integration
    • Training
  • Symantec ESM to CCS Migration 
  • Organizations that have leveraged Syamntec Enterprise Security Manager understand that moving to Control Compliance Suite can offer significant benefits to the organization.  Migrating to the new platform requires careful analysis, thought, and planning.  Prevalent has significant experience working with the largest corporations globally.  Let us help you migrate today.

  • CCS Healthcheck 
  • Are you a user of Symantec Control Compliance Suite that hasn’t upgraded in a while. A Prevalent CCS healthcheck is a great way to understand the health of your CCS environment as well as understand the latest capabilities and architecture that is available in CCS 11.0. A Prevalent CCS consulting expert will work with you to:

    1. Review the current CCS infrastructure.
    2. Identify Gaps that are impacting performance.
    3. Recommend policy and mandate updates that may be meaningful to your organization.
    4. Review new capabilities and recommend infrastructure upgrades, if necessary.
    5. Provide an executive report to highlight results and recommendations.
  • Contact Us