Taking Security and Compliance Beyond Hardware and Software

At Saldutti Law Group, compliance with our industry regulations is paramount. As such, our compliance management system (CMS) addresses requirements set out in the seven regulations applicable to our industry and allows flexibility for revisions based on recent interpretations of legislation or case law at both the federal and state level.

A. Ensure regulatory requirements are incorporated into our business policies, processes, and procedures.
B. Prescribe the necessary training for employees to ensure they understand the responsibilities for compliance with the regulations.
C. Incorporate the internal audits of policies, procedures, and processes.
D. Track consumer complaints, responses, and follow-up actions.
E. Include corrective actions for internal and external audit findings.

The firm uses internal compliance to manage and report on CMS as well as outsource compliance issues. These include:

1. Develop and maintain compliance policies, procedures, and processes.
2. Administer and track employee training.
3. Assess emerging issues or potential liabilities and mismanagement.
4. Ensure corrective action measures are completed and documented.

The CMS program incorporates various written policies, procedures, and processes. The CMS program prevents regulatory violations, provides cost efficiencies, and reduces business risk to our clients.



As referenced in the CMS system, the firm is diligent in maintaining data security, both physical and electronic security, and administrative controls to avoid any loss of privacy and data.


1. Secure access at all ingress and egress points to any of our offices.
2. Secure access between public waiting areas and non-public firm offices.
3. Secure access to file rooms and server rooms.
4. Use closed-circuit monitoring throughout the office and exterior to the building.


1. Use of secured data transfers, including encrypted email and related programs.
2. Use of firewall.
3. Employee third-party internet site access restrictions.
4. Maintenance of security patch updates.
5. Use of secure offsite backup for encrypted data.
6. Continuous scanning for viruses and malware throughout our system.
7. Frequent security integrity scans.
8. Oncoming claims data is managed electronically.


1. New user security policy.
2. Clean desk policy and security policy, including visitor policy.
3. Approval for any use of removable media by employees and third-party vendors.
4. Security integrity policy.
5. Document retention and purging policy.

Saldutti Law Group is an effective security and compliance partner in:

  • SOC-1 Type 1 Certified
  • Vulnerability assessment and penetration testing
  • ISO 27001/2
  • Shared Assessments – standardized information gathering questionnaire and/or agreed upon procedure assessment preparation


The firm continually undertakes risk assessment and maintains an ongoing review of risk, both internal and external. The firm continually evaluates clients' requirements concerning intricate compliance in regulatory areas. The firm takes extensive steps to understand its regulatory responsibilities and the intricacies of the financial markets.

Saldutti Law continually upgrades its operational efficiencies in order to reduce errors and provide quality assurance to our financial and other creditors. Our state-of-the-art service delivery model allows for operational efficiencies.

The firm maintains extensive written policies and procedures concerning the above areas. The firm maintains extensive training procedures, including job specific training, to ensure full compliance with all company policies and procedures. These include current threat assessments and constant security awareness training.

Saldutti Law undertakes vigorous vendor management overview and oversight, including non-disclosure agreements and related investigatory processes to ensure that the risk and information security and regulatory compliance requirements are met.

The firm's security controls continually assess confidentiality, integrity, and availability (CIA). The CIA triad is critical to the firm's success in the environment in which the firm operates and conducts its business on behalf of its clients. The firm has been on the cutting edge for business continuity and disaster recovery plans, including data backup, network monitoring, and cross-training employees. The firm's implementation of various procedures and processes has allowed it to achieve continued success with third-party vendor audits.

If you have any questions or would like to further review Saldutti Law Group's Compliance and Privacy Regulations and Guidelines, please contact us here.