Compliance & Security at Kerauno

With complex regulations and standards, Kerauno is a name you can trust. The Kerauno Difference is found in our NCS (Network, Compliance, Security) and PSP (Post Sale Process) standards, in addition to our relentless commitment to quality service and value. Our professional staff has decades of implementation and process/workflow experience and our PSP is detailed, organized and tracked via interactive project management software.


The Federal Information Security Management Act (FISMA) requires each federal agency to develop, document and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor or other source.

Read more about FISMA Implementation and Modernization Act of 2014


AICPA’s System and Organization Controls (SOC) for Service Organizations are internal control reports on the services provided by a service organization that shares valuable information users need to assess and address the risks associated with an outsourced service.

SOC 2 Reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability and processing integrity of the systems the service organization uses to process users’ data, and the confidentiality and privacy of the information processed by these systems.

Read more about SOC here


The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance. Covered entities (anyone providing treatment, payment, and operations in healthcare) and business associates (anyone who has access to patient information and provides support in treatment, payment, or operations) must meet HIPAA Compliance. Other entities, such as subcontractors and any other related business associates must also be in compliance.

To Learn more about HIPAA please go here.


The PCI Data Security Standard (PCI DSS) provides an actionable framework for developing a robust payment card data security process, including prevention, detection and appropriate reaction to security incidents. The standards set the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.

Read more about PCI DSS here


The Communications Assistance for Law Enforcement Act (CALEA) was enacted by Congress in 1994 to require telecommunications carriers to provide law enforcement with certain technical capabilities when they conduct lawful electronic surveillance on telecommunications networks. The Federal Communications Commission issued an order in 2005 extending the coverage of CALEA to two-way interconnected VoIP and broadband Internet access.

The goal of CALEA is to preserve the ability of law enforcement to conduct lawful investigations despite evolutions in network technology. This goal is meant to be achieved while protecting telecommunications subscriber privacy and the ability of telecommunications carriers to launch new services and technologies.

Read more about CALEA here

CALEA Compliant

The Sarbanes-Oxley (SOX) Act requires all financial reports to include an internal control report. This is designed to show that not only are the company’s financial data accurate, but the company has confidence in them because adequate controls are in place to safeguard financial data. Year-end financial reports must contain an assessment of the effectiveness of the internal controls.

Read more about the SOX Act