Skip to content

Regulatory Enclaves

A sovereign or unique Microsoft commercial environment configured to meet desired, specific compliance regulation.

What's Included

Dedicated Engineers

IT systems engineers dedicated to configuring regulatory improvements for improved compliance and security scores.

Technical Improvement Actions

The implementation of mandatory and preventative technical improvement actions within an Enclave.

Improvement Action Screenshots

Meticulous engineers capture screenshots of configuration changes with necessary callouts to be used for documentation and auditing purposes.

Improvement Action Documentation

Providing the correct verbiage as well as an actually written account of improvements for documentation and auditing purposes.

Azure & Microsoft 365 Systems Hardening

The implementation of enhancements and a configuration of systems according to best security practices or baselines.

Tenant Configured for Regulatory Requirements

Choose from common, predefined regulatory assessment templates that outline specific compliance and security improvement actions for the Enclave.

Licensing Configuration

Work directly with our certified licensing specialists to verify the security, compliance, and business requirements stipulated within government contracts.

Intune Policies Implementation

The creation of numerous Microsoft Intune technical profiles and policies that manage devices for enhanced security.

Who Needs An Enclave?

Regulatory Enclaves may not be a necessity for every client, but if you have strict regulations usually dictated by the government, Regulatory Enclaves provide true compliance and security solutions.

Bio-Chemical

Financial

Defense

Legal

Energy

Medical

Templates Available with Microsoft Compliance Manager

  • Microsoft Data Protection Baseline
  • Customers at the A5/E5/G5 subscription levels: Receive 3 Premium templates for free.
  • GCC Moderate, GCC High, and DoD customers: CMMC template, levels 1 - 5, is included.
  • Guidelines & Functional Requirements for Electronic Records Management Systems (ICA Module 2)
  • ISO 15489-1:2016
  • ISO 16175-1:2020
  • ISO 19791 - Information technology — Security techniques — Security assessment of operational systems
  • ISO 22301:2019
  • ISO 23081-1:2017
  • ISO 27005:2018
  • ISO 27017:2015
  • ISO 27034-1 Information technology — Security techniques — Application security
  • ISO 27799: 2016, Health informatics — Information security management in health
  • ISO 28000 – Specifications for Security Management Systems for the Supply Chain
  • ISO 31000:2018
  • ISO 37301
  • ISO 55001 – Asset management -- Management systems--Requirements
  • ISO IEC 80001-1:2010
  • ISO/IEC 27001:2013
  • ISO/IEC 27018:2019
  • ISO/IEC 27033-1:2015
  • ISO/IEC 27701:2019
  • NIST 800-207 - Zero Trust Architecture
  • SIG 2022
  • System and Organization Controls (SOC) 1
  • System and Organization Controls (SOC) 2
  • AICPA/CICA Generally Accepted Privacy Principles (GAPP)
  • ARMA - Implementing the Generally Accepted Record Keeping Principles (GARP)
  • CDSA Content Protection & Security Standard
  • CIS Implementation Group 1, Group 2, Group 3
  • CIS Microsoft 365 Foundation Level 1 and 2
  • Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)
  • COBIT 5
  • FINRA Cybersecurity Checklist
  • ITU X.1052 Information Security Management Framework
  • Joint Commission Information Management Standard
  • Motion Picture Association (MPA) Content Security Best Practices
  • NERC CIP
  • SWIFT Customer Security Controls
  • OWASP ProActive Controls for Developers 2018 v3.0
  • (NAIC) Standards for Safeguarding Customer Information Model Regulation MDL-673
  • PCI DSS v3.2.1
  • Privacy of Consumer Financial and Health Information Regulation, NAIC MDL-672, Q2 2017
  • Revisions to the principles for the sound management of operational risk (Basel III Ops Risks)
  • Standardized Information Gathering (SIG) Questionnaire
  • Trusted Information Security Assessment Exchange (TISAX) 5.1
  • Appendix III to OMB Circular No. A-130 - Security of Federal Automated Information Resources
  • CFR - Code of Federal Regulations Title 21, Part 11, Electronic Records, Electronic Signatures
  • Children's Online Privacy Protection Rule (COPPA)
  • CMMC Level 1, Level 2, Level 3, Level 4, Level 5
  • CMMC v2 Level 1
  • CMMC v2 Level 2
  • CMS Information Systems Security and Privacy Policy (IS2P2)
  • Computer Fraud and Abuse Act (CFAA)
  • Content of Premarket Submissions for Management of Cybersecurity in Medical Devices
  • Criminal Justice Information Services (CJIS) Security Policy
  • Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software - FDA
  • Cybersecurity Maturity Model Certification (CMMC) Levels 1 through 5
  • DFARS
  • e-CFR - Identity Theft Rules
  • Electronic Code of Federal Regulations - Part 748.0 and Appendix A
  • FDIC Privacy Rules
  • Federal Financial Institutions Examination Council (FFIEC) Information Security Booklet
  • FedRAMP Moderate
  • FedRAMP SSP High Baseline
  • Freedom of Information Act (FOIA)
  • FTC Privacy of Consumer Financial Information
  • Gramm-Leach-Bliley Act, Title V, Subtitle A, Financial Privacy
  • HIPAA/HITECH
  • HITRUST
  • Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection
  • IRS - Revenue Procedure 98-25 Automated Records
  • IRS-P1075
  • Minimum Acceptable Risk Standards for Exchanges (MARS-E) 2.0
  • National Archives Universal Electronic Records Management (ERM) Requirements
  • NIST 800-37
  • NIST 800-53 rev.5
  • NIST 800-63 Digital Identity Guidelines
  • NIST 800-78-4: Cryptographic Algorithms and Key Sizes for Personal Identity Verification
  • NIST 800-137A -- Assessing Information Security Continuous Monitoring (ISCM) Programs
  • NIST 800-171
  • NIST 800-184: Guide for Cybersecurity Event Recovery
  • NIST CSF
  • NIST Privacy Framework
  • NIST SP 1800-5 IT Asset Management
  • NIST Special Publication 1800-1 Securing Electronic Health Records on Mobile Devices
  • NIST Special Publication 800-128
  • NIST Special Publication 800-210: General Access Control Guidance for Cloud Systems
  • Sarbanes-Oxley Act
  • SEC 17-4(a)
  • United States of America Privacy Act
  • US - Clarifying Lawful Overseas Use of Data (CLOUD) Act
  • US - Commission Statement and Guidance on Public Company Cybersecurity Disclosures
  • US - Department of Energy (DOE) Assistance to Foreign Atomic Energy Activities
  • US - Family Educational Rights and Privacy Act (FERPA)
  • US - Federal Information Security Modernization Act of 2014 (FISMA)
  • US - Protecting and Securing Chemical Facilities From Terrorist Attacks Act
  • Alabama - Policy 621: Data Breach Notification - DRAFT
  • Alaska - Chapter 48 - Personal Information Protection Act
  • Arizona - Notification of Breaches in Security Systems
  • Arkansas Code Title 4, Subtitle 7, Chapter 110, Personal Information Protection Act
  • California - Civil Code Section 1798
  • California - Database Breach Act (California SB 1386)
  • California - Education Code-EDC, Title 3, Division 14, Part 65, Chapter 2.5- Social Media Privacy
  • California - Privacy Rights Act (CPRA)
  • California - SB-327 Information Privacy: Connected Devices
  • California Consumer Credit Reporting Agencies Act
  • Colorado Privacy Act (CPA)
  • California Consumer Privacy Act (CCPA)
  • Colorado Protections for Consumer Data Privacy
  • Colorado Revised Statutes, Section 6-1-716, Notice of Security Breach
  • Connecticut - Display and Use of Social Security Numbers and Personal Information
  • Connecticut General Statutes - General Provisions for state contractors who receive confidential information
  • Connecticut Information Security Program to Safeguard Personal Information
  • Connecticut State Law - Breach of security re computerized data containing personal information
  • D.C. Law 16-237 - Consumer Personal Information Security Breach Notification Act
  • Delaware - Student Data Privacy Protection Act
  • Delaware Computer Security Breaches- Commerce and Trade Subtitle II - 12B-100 to 12B-104
  • Florida Title XXXII, Chapter 501, Section 501.171, Security of confidential personal information
  • Georgia (US) Personal Identity Protection Act
  • Guam's Notification of Breaches of Personal Information
  • Hawaii - Security Breach of Personal Information Chapter 487N
  • Idaho Identity Theft
  • Illinois (740 ILCS 14/1) Biometric Information Privacy Act
  • Illinois Personal Information Protection Act
  • Indiana Disclosure of Security Breach
  • Iowa - Student Personal Information Protection Act
  • Iowa Code. Title XVI. Chapter 715C. Personal Information Security Breach Protection
  • Kansas Consumer Information, Security Breach Statute
  • Kentucky Data Breach Notification
  • Louisiana Database Security Breach Notification Law (Act No. 382)
  • Maine - Act to Protect the Privacy of Online Consumer Information
  • Maine - Notice of Risk to Personal Data
  • Code of Maryland State Government - Protection of Information by Government Agencies
  • Maryland Personal Information Protection Act - Security Breach Notification Requirements, HB 1154
  • Maryland's Student Data Privacy Act
  • Massachusetts - 201 CMR 17.00: Standards For The Protection Of Personal Information Of Residents Of The Commonwealth
  • Massachusetts Data Breach Notification Law 93H section 1-6
  • Michigan Identity Theft Protection Act
  • Mississippi Security Breach Notification
  • Montana - Impediment of Identity Theft
  • Nebraska's Data Protection and Consumer Notification of Data Security Breach Act
  • Nevada Chapter 603A - Security and Privacy of Personal Information
  • Nevada Senate Bill 220 Online Privacy Law
  • New Hampshire Right to Privacy Act
  • New Jersey Security Breach Disclosure
  • New Mexico Chapter 57 - Privacy Protection (Article 57-12B-1 through 4)
  • New Mexico Consumer Information Privacy Act
  • New Mexico's Data Breach Notification Act
  • New York - 23 NYCRR Part 500
  • New York City Administrative Code - Security Breach Notification
  • New York General Business Law - Data Security Breach Notification and Data Security Protections
  • New York Privacy Act
  • North Carolina - Identity Theft Protection Act
  • North Dakota Chapter 51-30 Notice of Security Breach for Personal Information
  • Ohio - Security Breach Notification
  • Ohio Data Protection Act 2018
  • Oklahoma Security Breach Notification Act
  • Oregon Consumer Identity Theft Information Protection Act
  • Pennsylvania Breach of Personal Information Notification Act
  • Puerto Rico - Citizen Information on Data Banks Security Act
  • Rhode Island - Identity Theft Protection Act
  • South Carolina - Breach Notification
  • South Dakota - Notice of Breach
  • Tennessee 47-18-2107 Release of Personal Consumer Information
  • Texas - Identity Theft Enforcement and Protection Act
  • Texas Privacy Policy to Protect Social Security Numbers
  • Utah Consumer Credit Protection Act
  • Utah Electronic Information or Data Privacy
  • Vermont - Act on Data Privacy and Consumer Protection
  • Virginia Breach of Personal Information Act
  • Virginia Consumer Data Privacy Act (CDPA)
  • Washington DC - Consumer Security Breach Notification Standard
  • West Virginia - Breach of Security of Consumer Information
  • Wisconsin Security Breach Notification
    • Asia Pacific Economic Cooperation (APEC) Privacy Framework
    • Australia - ASD Essential 8
    • Australia - ASD Essential 8 Maturity Level 1
    • Australia - ASD Essential 8 Maturity Level 2
    • Australia - ASD Essential 8 Maturity Level 3
    • Australia - National Archives Act
    • Australia - Public Records Office Victoria Recordkeeping Standards
    • Australia - Spam Act 2003
    • Australia Privacy (Credit Reporting) Code
    • Australia Privacy Act
    • Australia Public Record Act
    • Australian Energy Sector Cyber Security Framework (AESCSF)
    • Australian Information Security Registered Assessor Program (IRAP) with ISM Version 3.5 - Official
    • Australian Information Security Registered Assessor Program (IRAP) with ISM Version 3.5 - Protected
    • Australian Prudential Regulation Authority CPS
    • Victorian Protective Data Security Standards V2.0 (VPDSS 2.0)
    • Information Management Standard for Australian Government - National Archives of Australia (NAA)
    • China - Personal Information Security Specification
    • Cybersecurity Law of the People's Republic of China
    • Hong Kong - Code of Banking Practice and Payment Card
    • Hong Kong - Personal Data (Privacy) Ordinance
    • India Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules
    • India - Information Technology Act
    • Reserve Bank of India Cyber Security Framework
    • Indonesia - Law 11/2008
    • Japan - Act on Prohibition of Unauthorized Computer Access
    • Japan - Common Model of Information Security Measures for Government Agencies and Related Agencies
    • Japan - Common Standards for Information Security Measures for Government Agencies and Related Agencies
    • Japan Privacy Mark - JIS Q 15001: 2017
    • Japanese Act on the Protection of Personal Information (Law No. 57 of 2003)
    • Korea - Credit Information Use And Protection Act
    • Korea - The Act on Promotion of Information and Communications Network Utilization and Data Protection
    • Korea Personal Information Protection Act
    • Malaysia - Personal Data Protection Act (PDPA)
    • Malaysia Risk Management in Technology (RMiT)
    • Myanmar - Law Protecting the Privacy and Security of Citizens
    • Nepal - Right to Information Act
    • New Zealand - Privacy Act / 2020
    • New Zealand - Public Records Act
    • New Zealand - Reserve Bank BS11 Outsourcing Policy
    • New Zealand - Telecommunications Information Privacy Code
    • New Zealand Health Data Retention Policy
    • New Zealand Health Information Privacy Code
    • New Zealand Health Information Security Framework (HISF)
    • New Zealand Information Security Manual (NZISM)
    • Pakistan - Electronic Data Protection Act - DRAFT
    • Philippines BSP Information Security Management Guidelines
    • Philippines Data Privacy Act of 2012
    • Singapore - ABS Guidelines on Control Objectives and Procedures for Outsourced Service Providers
    • Singapore - Banking Act (Cap.19)
    • Singapore - Cybersecurity 2018
    • Singapore - IMDA IoT Cyber Security Guide
    • Singapore - Monetary Authority of Singapore Technology Risk Management Framework
    • Singapore - Multi-Tier Cloud Security (MTCS) Standard
    • Singapore - Personal Data Protection Act / 2012
    • Singapore Spam Control Act
    • Taiwan - Implementation Rules for the Internal Audit and Internal Control System of Electronic Payment Institutions - 2015
    • Taiwan - Implementation Rules of Internal Audit and Internal Control System of Financial Holding Companies and Banking
    • Taiwan - Regulations Governing Approval and Administration of Financial Information Service Enterprises Engaging in Interbank Funds Transfer and Settlement
    • Taiwan - Regulations Governing the Standards for Information System and Security Management of Electronic Payment Institutions
    • Taiwan – Trade Secrets Act
    • Taiwan Personal Data Protection Act (PDPA)
    • Thailand PDPA
    • Taiwan – Trade Secrets Act
    • Uzbekistan - Law of The Republic of Uzbekistan on Personal Data
    • Vietnam - Consumer Rights Protection Law
    • Vietnam - Law of Cybersecurity
    • Vietnam - Law of Network Information Security
    • Vietnam - Law on Information Technology
  • Albania - The Law on the Protection of Personal Data No. 9887
  • Austrian Telecommunications Act 2003
  • Armenia - Law of the Republic of Armenia on the Protection of Personal Data
  • Belarus Law On Information, Informatization and Protection of information
  • Belgium - Act on the Protection of Natural Persons with Regard to the Processing of Personal Data
  • Belgium NBB Dec 2015
  • Bosnia and Herzegovina Law on the Protection of Personal Data
  • Botswana - Data Protection Act
  • Bulgaria Law for Protection of Personal Data 2002
  • Central Bank of Kuwait Cybersecurity Framework
  • Cyprus The Processing of Personal Data Law
  • Czech - Act No. 110/2019 Coll. on Personal Data Processing - 2019
  • Czech - On Cyber Security and Change of Related Acts (Act on Cyber Security) - Act No. 181
  • Denmark - The Data Protection Act
  • Denmark - Executive Order on Information and Consent Required in Case of Storing and Accessing Information in End-User Terminal Equipment
  • Directive 2013/40/EU Of The European Parliament And Of The Council
  • Dubai - Health Data Protection Regulation
  • Dubai Consumer Protection Regulations (Telecommunications Regulatory Authority)
  • Dubai ISR
  • Egypt - Data Protection Law
  • Estonia - Personal Data Protection Act
  • Estonia - The system of security measures for information systems
  • EU - Directive 2006/24/EC
  • EU - ePrivacy Directive 2002 58 EC
  • EudraLex - The Rules Governing Medicinal Products in the European Union
  • European Network and Information Security Agency (ENISA) - Cloud Computing Information Assurance Framework
  • Finland - Data Protection Act
  • Finnish Criteria for Assessment of Information Security of Cloud Services
  • France - The Data Protection Act
  • Georgia Law on Personal Data Protection
  • Germany - Annotated text of the Minimum Requirements for Risk Management
  • Germany - Cloud Computing Compliance Controls Catalog (C5)
  • Germany - Federal Data Protection Act
  • Germany - Supervisory Requirements for IT in Financial Institutions (BAIT)
  • Ghana - Data Protection Act
  • Ireland Data Protection Act
  • Israel - Privacy Protection (Transfer of Data to Databases Abroad) Regulations
  • Israel Privacy Law
  • Jordan Cloud Platforms & Services Policy
  • Kenya Data Protection Act
  • Luxembourg Act
  • Malta - Data Protection Act
  • Mauritius Data Protection Act 2004
  • Republic of Moldova Law on Personal Data Protection
  • Montenegro - Law on Personal Data Protection
  • Nigeria Data Protection Regulation
  • Oman - Electronic Transactions Law
  • Qatar Cloud Security Policy
  • Qatar National Information Assurance (NIA)
  • Romania - Data Protection Law 190/2018
  • Russia - Federal Law 149-FZ On Information, Information Technology and Information Security
  • Russian Federation Federal Law Regarding Personal Data
  • South Africa Consumer Protection ACT 68 2008
  • South Africa Electronic Communications and Transactions Act, 2002
  • South Africa - Promotion of Access to Information Act
  • South African POPIA
  • Slovakia Act on the Protection of Personal Data
  • Spain - Nation Security Framework
  • Switzerland - Federal Act on Data Protection (FADP)
  • Turkey - KVKK Protection of Personal Data 6698
  • UAE - Federal Decree Law on Combating Cyber Crimes
  • UAE - Federal Law Concerning Electronic Transactions and Commerce
  • UAE - Federal Law No 2 of 2019 On the Use of the Information and Communication Technology (ICT) in Health Fields
  • UAE - NESA Information Assurance Standards
  • UAE Data Privacy Law
  • UAE Regulatory Policy TRA - Internet of Things
  • UAE's Federal Decree Law Regulating the Telecommunications Sector
  • Uganda - The Data Protection and Privacy Act
  • UK - Cyber Security for Defence Suppliers Standard 05-138
  • UK - The Offshore Petroleum Activities Regulations / 2011
  • UK Cyber Essentials
  • UK Data Protection Act
  • UK Data Retention Act
  • UK Privacy and Electronic Communications
  • Ukraine - Protection of Personal Data Law
  • Yemen - Yemen Law of the Right of Access to Information
  • Antigua and Barbuda - Data Protection Act /2013
  • Bahamas - Data Protection Act
  • Barbados - Data Protection Bill 2019
  • Barbados - Electronic Transactions Act
  • Bermuda - Electronic Transaction Act
  • Saint Lucia Data Protection Act
  • Trinidad and Tobago Data Protection (Act 13 of 2011)
  • Canada - Breach of Security Safeguards Regulations
  • Canada - British Columbia - Information Privacy & Security - FOIPPA
  • Canada - Office of the Superintendent of Financial Institutions Cyber Security Self-Assessment Guide
  • Canada - Personal Health Information Protection Act (PHIPA) 2020
  • Canada - Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Canada - Protected B
  • Canada Cybersecure - Baseline Cyber Security Controls for Small and Medium Organizations
  • CAN-SPAM Act
  • Information Security Management Act - Province of British Columbia, CA
  • Mexico - Federal Consumer Protection Law
  • Mexico - Federal Law on Protection of Personal Data Held by Private Parties
  • Argentina - Personal Data Protection Act 25.326
  • Brazil - Consumer Protection Code Law No. 8078 (Office 365)
  • Brazil - General Data Protection Law (LGPD)
  • Colombia - Decree No. 1377/2013
  • Colombia - External Circular Letter 007 of 2018
  • Colombia - Law 1266/2008- Habeas Data Act
  • Peruvian Legislation Law 29733 Law of Data Privacy Protection

    • Regulatory Risk Assessments

    We evaluate our clients’ Microsoft tenant and Azure configurations against specific regulatory compliance.

    Microsoft Compliance Manager

    Enables businesses to generate predefined regulatory assessment templates that breakdown requirements into improvement actions associated with Microsoft services.

    Customers at all subscription levels in all organizations receive the included Microsoft Data Protection Baseline template. Additionally, Microsoft offers premium templates for most of the common compliance regulatory bodies.

    Jadex will ensure that the majority of technical improvements are made within the Microsoft 365 Regulatory Enclave. For example, NIST 800-171 assessment completion will be near 80%. The remaining 20% of improvement actions will involve operational and documentation actions by our client.

    Microsoft assessments and their corresponding improvement actions focus on Documentation, Operational, Privacy, and Technical requirements.

    Logo: This image an official logo of Jadex Strategic Group.

    “We transform how people work.”

    Facebook-f Linkedin Instagram Youtube

    Company Details

    • DUNS Number: 078570307
    • CAGE Code: 6TX26
    • NAICS Codes: 541690, 541990, 541611, 54618, 611420, 541370, 541519

    Contact

    Codes & Certs

    • VOSB - self-certified
    • SBA 8(a) - pending

    Services

    PRIVACY POLICY

    TERMS OF USE AND CONDITIONS

    Get Compliance & Security Clarity—Fast, Free, Expert-Led

    Book Free Consult
    X