security & compliance
Website Security and Compliance covers a broad range of situations and applications. At the most basic level, your public website needs to employ a base level of security measures to protect not only your visitors' information, but also your company's information. As your website needs advance to things like online transactions and data collection, the security risks and needs increase. Below are examples of specific kinds of web security and how our approach differs for each.
essential website security
Even if your website is a simple online brochure, there are security measures that need to be addressed. When we approach security for a basic website, we are generally looking at it from two different angles. First - we want to ensure your site protects any data entered by your visitors. This includes filling out forms, cookies, etc. The first step here is ensuring you have a properly configured SSL certificate. Second - we want to secure your company's information as well. This involves making sure your site doesn't easily provide hackers and internet bots access to employees' email accounts, or other identifying information that could put your company and its employees at risk.
security for special web applications
As we move beyond basic websites and into the realm of eCommerce, online communities, complex forms and customer engagement - it's even more important to have a comprehensive plan to secure data transfer and storage every step of the way. In these instances, we will make sure you have proper data encryption installed and configured, and we will review your website's processes to make sure you aren't putting any information in jeopardy as a result of poor planning or bad practices.
website compliance
In many cases – we have to consider website compliance as part of any overall security plan. The needs change depending on what industry the site exists in. When creating or maintaining a website, we can work with our clients to ensure the site meets any underwriting or compliance needs as required by your industry – whether it's medical, financial, insurance, legal, etc. There are some specific areas that require specialized compliance that we are already well-versed in:
- Medical – We have built and managed numerous websites and web applications that serve the medical community. As such, we are well-versed in HIPAA guidelines as they relate to data storage, transfer, and patient engagement through your website. While it may seem easy enough to turn an intake form into an online form – there are lots of things to consider to make sure your website doesn’t jeopardize your compliance status.
- PCI / eCommerce – If you sell items online, even if it’s just a few, you are still responsible for meeting PCI-DSS requirements. These involve three areas specifically. First – your site must employ a base-level of security that meets PCI-DSS guidelines. This is primarily concerned with SSL and encryption. Second – your site must demonstrate compliance in how electronic transactions are processed. Lastly – your site has to show compliance in how and what customer information is stored. We have implemented these guidelines across many eCommerce projects, and can help our customers decipher and implement these rules and regulations.
- Financial – When developing a website for a company that provides financial services, whether it be banking or financial advisement, we will make sure your site meets all requirements. Once we know the specific nature of the site, we can take known guidelines and any specific guidelines, and incorporate those standards into your content-development or maintenance plan.
- ADA – Is your website or web application ADA compliant? Not every client is as concerned about ADA compliance – but there are varying degrees. A small brochure website doesn’t have as much to worry about typically. However, the more visible your brand is, or if your product / service is more likely to be exposed to users requiring assistive technology, ADA compliance can be a key factor in ensuring your site is easy to use for your client-base. Also – there are still instances where websites find themselves the target of an ADA legal complaint, and require assistance in either remediating their online presence to meet guidelines, or providing documentation of ADA compliance practices. We have experience in all of these instances and help our clients get ahead of these issues in the quickest manner possible.
Don’t wait for something bad to happen. Contact us today to make sure your current or future website is not only secure, but compliant with any relevant industry regulations.
Ready to get started?
Do you have a project you would like to discuss with us? We're happy to set up a meeting or phone call to get details and discuss further steps. We never charge for the initial consultation.
We look forward to hearing from you.