Achieve Documented Compliance

Virtual Auditor can create policy, track adherence, provide up to the minute analysis of successes and gaps, produce voluminous documentation of your efforts, and help you achieve compliance with a myriad of requirements quickly and affordably!

Compliance – Requirements – Solutions!

Virtual Auditor has constructed the ideal Compliance Lifecycle. Beginning with construction of a common controls framework for your organization, choose from over 100 information security and data privacy regulations, frameworks, and industry requirements. Then, add your organization’s contractual commitments that are in excess of these mandates. Your Virtual Auditor Internal Controls Framework (ICF) will be used to develop policies, measurable rules, audit criteria, and extensive documentation to demonstrate sincere and sustained effort towards compliance.



If your organization collects, processes, stores, transmits, or archives certain credit card information, known as cardholder data, then you're probably subject to the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS requirements are regularly updated in order to protect card holder’s information, and to reduce the number and impact of credit card data breaches. Virtual Auditor will help you understand PCI-DSS, determine and document your PCI scope, implement suitable controls, test the ongoing efficacy of your controls, and produce consistent documentation to demonstrate your efforts.

HIPAA Privacy & Security

HIPAA Privacy & Security

The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy and security of Protected Health Information (PHI). Healthcare Providers, Payers, and Clearing Houses must sufficiently protect PHI, as must their many Business Associates.

Most Healthcare Providers and Payers also require their entire supply chain to adequately protect the Privacy & Security of PHI. Virtual Auditor can help you implement and document these efforts.


EU General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) protects the personal data of EU citizens regardless of the location of the collector, processor, or the data. Organizations must be compliant with GDPR by May 25th, 2018. Organizations must undertake a significant analysis of data collection practices, protections afforded to the data, and personnel to ensure the activities and oversight. Penalties for infringement of the General Data Protection Regulation can be up to €20,000,000 or 4% of worldwide annual turnover, whichever is the greater amount. Virtual Auditor can help your organization understand GDPR, find the applicable data, protect it and prove it!

HiTrust CSF

HiTrust Common Security Framework

The HITRUST Common Security Framework (CSF), developed in collaboration with information security professionals, rationalizes relevant regulations and standards into a single overarching security framework. Because the HITRUST CSF is both risk and compliance-based, organizations can tailor the security control baselines based on a variety of factors including organization type, size, systems, and regulatory requirements. Virtual Auditor can help you design policies, procedures, and controls indexed according to the HITRUST CSF, that are testable and documented, in order to prepare for a HITRUST assessment or certification.

CIS Top 20 Critical Security Controls

CIS Top 20 Critical Security Controls

The Center for Internet Security (CIS) Top 20 Critical Security Controls (previously known as the SANS Top 20 Critical Security Controls), is a prioritized set of best practices created to stop the most pervasive and dangerous threats of today. It was developed by leading security experts from around the world and is refined and validated every year. Implementing the CIS top 20 critical security controls is a great way protect your organization from some of the most common attacks.

CIS Benchmarks

CIS Benchmarks & Compliance Solutions

The Center of Internet Security (CIS) is a non-for-profit organization that develops their own Configuration Policy Benchmarks, or CIS benchmarks, that allow organizations to improve their security and compliance programs and posture. This initiative aims to create community developed security configuration baselines, or CIS benchmarks, for IT and Security products that are commonly found throughout organizations.


NY Department of Financial Services (NYDFS)

23 NYCRR Part 500 became effective on March 1st, 2017. The one year transition period has ended, and the eighteen month transitional period is quickly approaching. By March 1st of 2019, affected organizations must comply with all portions of Part 500. The purpose of Part 500 is to require banking, financial services, and insurance organizations to establish and maintain a "risk-based, holistic, and robust security program" that is designed to protect consumers' private data. Virtual Auditor has developed an effective and achievable Part 500 program that will help ensure your successful implementation of these comprehensive requirements.

Personally Identifiable Information

Personally Identifiable Information (PII) Laws

Personally Identifiable Information (PII) varies by state law in both definition and requirements. Virtual Auditor comes equipped with an up to date engine that includes all of the many state laws related to PII, their programmatic requirements, and their data breach implications, all mapped back to ISO 27002 and other overlapping frameworks.

Don't guess! Get Virtual Auditor and prepare!

VA is Your Compliance Solution

Virtual Auditor contains over 100 cross-indexed information security laws and frameworks right out of the box!

contact us