IT Advisory

Managing technology risk

Risk is inherent when conducting business. 

Many companies are aware of the IT and operational risks they face; however, organizations often overlook preventive measures in an effort to manage capital and resource costs. The risks associated with letting IT systems and infrastructure become an afterthought can present threats to the health of your business, including:

  • Impact to systems availability
  • Issues related to information integrity and confidentiality
  • Cybersecurity breaches
  • Gaps in network and data security
  • Compliance gaps and related monetary penalties

IT plays a crucial role in any organization. Let DHG help you assess the confidentiality, integrity, and availability of information that drives your business.

We help companies of all sizes develop sound practices while keeping cost efficiency and effectiveness in mind. Using a risk-based and solutions-driven approach, we offer assistance according to your needs and the complexity of your IT infrastructure:

  • Before an issue arises, we can advise on preventive measures to reduce IT risk
  • As concerns arise, we can advise management on assessing IT risk posture to reduce and mitigate issues
  • After an issue has occurred, we can assist in the areas of incident response and fraud examination

Our resourceful professionals have the tools and insight you need to reduce your IT risk and help you reach your goals.

Our IT Advisory Services team has the experience and knowledge with the credentials to back it up. They retain extensive knowledge and skill in their respective focus areas and log a wide range of valuable certifications including CISA, CRISC, CCE, CISSP, GCIH, PCI/QSA, CTGA, HITRUST CSFP and HCISPP. From project management and regulatory compliance assistance to digital forensics and incident response, DHG is equipped to meet your IT advisory needs.

Cybersecurity

In an age when cyber attacks are increasingly prevalent, it is important to take steps to reduce your cyber risk and comply with ever-evolving privacy and security regulations. DHG can help every step of the way.

Data breaches are in the news almost daily, and companies of all sizes are at risk through external attack, malware and inadvertent user actions. Failure to identify and address vulnerabilities and prepare for data breaches can lead to the loss of public and intellectual data, and result in:

  • Brand and reputational damage
  • Negative earnings and market value impact
  • Lawsuits and litigation from a variety of constituents
  • Damages associated with the theft of intellectual property

 

Businesses often fail to prepare adequately for such breaches and are unsure of how to handle a potentially malicious or fraudulent event. The DHG IT Advisory team can help you avoid the negative consequences associated with cybersecurity breaches.

Delivering cybersecurity and privacy strategies that complement and strengthen your business

At DHG, we believe that security is fundamental to your business, so that your processes are secure, streamlined and efficient. In an evolving market space, we work with our clients to review the people, processes and technology in place to protect information assets. We help our clients prevent, detect and remediate cyber risk through the following: 

  • Assess security preparedness and compliance with evolving state, federal and industry regulations and frameworks, such as: PCI, HIPAA / HITECH, TR-39 and DFARS
  • Support security incident and data breach response efforts through digital forensic evaluation, triage and guidance for remediation
  • Network and web application vulnerability assessment
  • Penetration testing
  • Social engineering assessment
  • Information security and governance program development
  • Information security risk assessment
  • Policy and procedure assistance

 

Why Choose DHG?

With a history of serving clients of all sizes in a variety of industries, the DHG IT Advisory team is knowledgeable in evolving security, privacy and regulatory compliance requirements in the healthcare, financial services, insurance and retail industries.  We have helped clients develop effective security practices to achieve compliance with the following:

  • Gramm-Leach-Bliley Act (GLBA)
  • Federal Financial Institutions Examination Council (FFIEC)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Health Insurance Portability and Accountability Act (HIPAA) / Health Information Technology for Economic and Clinical Health (HITECH) Act

Digital & Computer Forensics

Digital Forensics with Dedicated Professionals and State-of-the-Art Tools

At DHG, highly qualified professionals with multi-disciplinary technical knowledge perform digital and computer forensic investigations. Trained in the latest forensic and evidence handling techniques, we conduct our investigations using tools such as:

  • EnCase, Cellebrite, Physical Analyzer, Forensic Tool Kit, Passware and BlackLight
  • Tableau forensic duplicators, write blockers, and Cellebrite UFED Touch
  • Purpose-built digital forensics labs with heightened security measures

 


Healthcare Compliance

In the wake of evolving compliance requirements, healthcare providers are accountable. 

The Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act and its Meaningful Use provision have rapidly reshaped the healthcare industry. Strict compliance with government standards is critical to protect and grow your business. While regulatory compliance measures may seem burdensome and demanding, non-compliance can have serious and long-term negative effects on your organization.

Our professionals can provide your healthcare facility with the information and tools needed to achieve and maintain both compliance and peace of mind. 

We leverage industry knowledge and experience, excellent client service and a tailored approach to each assessment to meet and exceed your needs. 

DHG IT Advisory professionals have earned the Health Information Trust (HITRUST) Alliance’s credential as certified HITRUST practitioners, demonstrating the deep market experience and skillset required to perform HIPAA / HITECH compliance services for healthcare providers of all sizes. We deliver value by integrating our cross-functional IT and industry experience to help you identify compliance gaps and develop remediation plans while preparing for potential regulatory audits.

DHG provides the following HIPAA / HITECH compliance-related services: 

  • HIPAA / HITECH IT Compliance Reviews
  • Meaningful Use Compliance assessments
  • OCR/CMS audit preparation assistance
  • Network security assessments
  • Sensitive (ePHI) data scanning
  • Policy and procedure assistance

What you do is important, which is why the success of your company is our priority. DHG’s team is here to help you navigate your way through the complexities of HIPAA, HITECH and Meaningful Use so that you can focus on providing patient care.

IT Operations

  • IT Project Management
  • Regulatory Response
  • RFP / RFI - 3rd Party Vendor
  • Enterprise Project Planning
  • IT Program Oversight
  • Risk Advisory Services

 

Internal Audit Resource Assistance

Our Internal Audit services help ensure that you're operating in a secure and efficient manner. Our risk-based approach allows us to address the issues that present the greatest threats to your organization.

We provide outsourced, co-sourced and project-based internal audit services directly to management and existing internal audit departments:

  • Assistance with the design, assessment and development of internal audit functions
  • Assistance with the enhancement of your present internal audit processes 

PCI Compliance

Recurring breaches of consumer payment data have resulted in increased enforcement of the Payment Card Industry (PCI) Data Security Standard (DSS) to protect credit card holder data. In order to protect your business and your customers, PCI compliance is crucial.  

While compliance measures may be burdensome, they can have major benefits to businesses of all sizes, including increased client trust and business growth.  Similarly, non-compliance can cause serious and long-term negative effects, such as:

  • Financial Risk – Non-compliance fees issued by card processors, fines issued by card brands following a breach, increased per transaction fees, incident management costs in the form of forensic audits, card replacement, vulnerability remediation and paying for customer credit monitoring
  • Reputational Risk – Client loss, brand damage
  • Suspension or Revocation of Card Acceptance Privileges

You have worked hard to build your business. DHG is here to help you secure the trust of your customers. Our IT Advisory Services team is equipped with experienced Qualified Security Assessors (QSA) with the credentials and skillset to perform PCI assessments for large PCI Level One merchants and service providers, as well as smaller-scale clients. Leveraging our cross-functional IT consulting and industry experience, we can provide you with year-round assistance. Our professionals will help you meet the requirements for protecting card holder data established by the PCI DSS and can help enhance your business with the addition of data protection controls and practices to mitigate evolving risks.

Our PCI compliance services include:

  • PCI Report on Compliance (RoC) Audits – provide independent validation of PCI DSS compliance in the form of a RoC that can be submitted to an acquiring bank or the major card brands. This is a requirement for merchants with more than 6 million VISA or MasterCard transactions per year.
  • PCI Readiness Assessments – assess an organization’s readiness against PCI DSS controls and advise on strategies to close remediation gaps. The implementation of DSS v3.0 places additional security requirements on organizations that should be addressed prior to full compliance audits. Readiness assessments help organizations ensure they can demonstrate full compliance with the latest version of the PCI DSS.
  • Self-Assessment Questionnaire (SAQ) Assistance – assess your tools for self-evaluation of PCI DSS compliance. This is a requirement for merchants with fewer than six million VISA or MasterCard transactions per year or service providers with fewer than 300,000 transactions per year.
  • PCI compliant network penetration testing – identify potential network and application vulnerabilities that jeopardize cardholder data security.

SOC Reporting

Success depends on the ability to manage information used to drive core business processes. Common solutions now include full outsourcing of IT operations, outsourcing of specialized technology and applications and use of co-location facilities. Inaccurate or delayed transaction processing, loss of data or compromise of customer information by a third-party service provider can negatively impact a company’s operations and reputation.

Companies subject to compliance with privacy regulations and those with strong vendor management programs rely on SOC reporting to understand the effectiveness of internal control environments in place at their third-party service providers.

Companies often subject to SOC reports include financial transaction processors, software vendors, third-party administrators, HR and benefits processors, data centers and application service providers.

DHG Can Help

Our experienced professionals perform SOC examinations for service providers in a number of industries across the United States and internationally. We understand the value of your time and have tailored an efficient engagement approach to minimize the impact on your daily activities.

Benefits of a SOC Examination

Performing a SOC examination of a third-party service provider includes the following benefits:

  • Provides service provider customers with information on the internal control environment, including the operating effectiveness of controls affecting the customer’s internal controls over financial reporting
  • Can address a service provider customer’s need to understand the internal controls at a service provider related to security, availability, processing integrity, confidentiality and privacy
  • Can be used by a service provider customer’s financial statement auditor to determine reliance on controls in place at the service provider
  • Eliminates the need for multiple customers to perform onsite audits
  • Satisfies a requirement by many companies that an audit of internal controls be in place at their service provider
  • Indicates to potential customers a service provider’s commitment to internal controls and transaction processing integrity
  • Can identify improvement opportunities in operational areas at the service provider
  • Provides an additional marketing opportunity and competitive advantage over other service providers

DHG's IT Advisory Services span many industries. Our collaborative service line and industry approach allows us to serve clients in the following industries:
