Security Standards and Compliance


Churchill & Harriman (C&H) provides comprehensive solutions to help clients satisfy legal, regulatory, and contractual compliance requirements while optimizing costs. We accomplish this by working with you to operationalize repeatable, auditable controls and processes that satisfy internal and external audit requirements. Because the same controls and evidence can be reused across audits and assessments, they lower your year-over-year enterprise compliance spend.

We focus on helping organizations address compliance requirements in full, and we deliver results that withstand the most stringent enterprise, regulatory, and governing-body scrutiny. The most discerning clients depend on Churchill & Harriman to satisfy their compliance requirements.

Compliance Services

Churchill & Harriman provides enterprise risk management guidance and executes third-party risk assessments according to the following laws, regulations, standards, and commercial practices:

  • National Institute of Standards and Technology (NIST)
      • NIST SP 800-53 control assessments
      • NIST Cybersecurity Framework (CSF) assessments
  • International Organization for Standardization (ISO)
      • ISO 27001 pre-certification preparation and post-certification surveillance
      • ISO 22301 business continuity management/disaster recovery planning
      • ISO 22307 privacy impact assessments (financial services)
  • Cybersecurity Maturity Model Certification (CMMC) Levels 1-5 (the CMMC 1.0 model; CMMC 2.0 consolidates these into Levels 1-3)
  • The CRI Profile (Cyber Risk Institute)
  • Gramm–Leach–Bliley Act (GLBA)
  • Family Educational Rights and Privacy Act (FERPA)
  • Federal Financial Institutions Examination Council (FFIEC)
  • Sarbanes-Oxley Act (SOX)
  • Shared Assessments Program – Standardized Information Gathering (SIG) questionnaire and Standardized Control Assessment (SCA) procedures
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health (HITECH) Act
  • Financial Services Authority (FSA) (the UK regulator, whose functions passed to the FCA and PRA in 2013)
  • European Banking Authority (EBA)
  • Australian Securities and Investments Commission (ASIC)
  • Medicines and Healthcare products Regulatory Agency (MHRA)
  • Food and Drug Administration (FDA) regulations, such as 21 CFR Part 11 on electronic records and electronic signatures
  • Department of Commerce Safe Harbor Program (invalidated by the CJEU in 2015 and succeeded by Privacy Shield and, since 2023, the EU-U.S. Data Privacy Framework)

For More Information on C&H's Third Party Risk Governance and Assessments Program