Suttertek LLC - Home webpage

IT Compliance

Laws and Regulations and Data Management Standards

Compliance and regulatory frameworks are sets of guidelines and best practices. Organizations follow these guidelines to meet regulatory requirements, comply with laws on data, improve processes, strengthen security, follow standards and best practices on data management, and achieve other business objectives (such as becoming a public company, or selling cloud solutions to government agencies).

We cover many of them, such as:

Laws and Regulations

SOX, FACTA, FERPA, FISMA, GDPR, GLBA, HIPAA / HITECH, FedRAMP
Data Management Standards

FFIEC, ISO 9001, ISO 27001, NIST, PCI, Penetration Test, COBIT, SOC, IT Due Diligence

SOX > Sarbanes Oxley - The Sarbanes Oxley Act of 2002 (SOX) has very specific stipulations and requirements related to information security and data governance that apply to all publicly held U.S. companies, international companies with SEC registered securities and to third-party firms that provide financial services to these companies.

FACTA > The Fair and Accurate Credit Transactions Act red flags rule requires financial institutions to demonstrate they have taken sufficient steps to protect consumers against identity theft.

FERPA > The Family Educational Rights and Privacy Act aims to protect the privacy of student education records and prevent unauthorized access to them. It applies mainly to educational institutions.

FISMA > The Federal Information Security Management Act requires federal agencies to have a robust information protection plan in place. It aims to help protecting information held on federal information systems.

GDPR > The General Data Protection Regulation applies to all organizations that collect and process data that belongs to European Union (EU) citizens. It has specific requirements related to privacy, security, data control, and governance.

GLBA > The Gramm-Leach Bliley Act is a U.S. federal regulation that requires financial institutions to ensure the confidentiality and integrity of the non-public personal information of their customers.

HIPAA / HITECH > The Health Insurance Portability and Accountability Act requires organizations dealing with Protected Health Information (PHI) and Electronic Protected Health Information (ePHI) to protect that data, and to require its business associates such as vendors to also comply. The Health Information Technology for Economic and Clinical Health Act is part of an economic stimulus package created to promote and expand the adoption of health information technology, specifically the use of Electronic Health Records (EHRs) by healthcare providers. In sum, HIPAA protects patient privacy, and HITECH promotes health technology through funding.

FedRAMP > The Federal Risk and Authorization Management Program is a standardized way for government agencies to evaluate the risks of cloud-based solutions. It follows a “do it once, use it many times” approach, allowing existing security assessments and packages to be reused across multiple agencies. Since continuous monitoring of cloud products and services is at the core of the framework, it can improve real-time security visibility for organizations.

FFIEC > The Federal Financial Institutions Examination Council is a formal U.S. government interagency body composed of five banking regulators that is empowered to prescribe uniform principles, standards, and report forms to promote uniformity in the supervision of financial institutions.

ISO 9001 > The International Organization for Standardization, sub-framework 9001 consists of a set of guidelines for organizations to implement a standardized approach to quality management.

ISO 27001 > Gap Analysis - The International Organization for Standardization, sub-framework 27001 consists of a set of guidelines for organizations to implement a standardized approach to information security.

NIST Gap Analysis > The National Institute of Standards and Technology is a physical sciences laboratory and non-regulatory agency of the United States Department of Commerce. Its mission is to promote American innovation and industrial competitiveness.

PCI Gap Analysis > The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud.

Penetration Test > The PCI DSS requirements mandate that organizations perform comprehensive infrastructure penetration tests of several types. These are highly technical and detailed tests. Pen tests reports are also a great source of information for IT Security.

COBIT > The Control Objectives for Information and Related Technology framework helps organizations meet business challenges in the areas of regulatory compliance, risk management and aligning IT strategy with organizational goals.

SOC > System and Organization Control. Organizations are making their vendors obtain SOC attestation reports, as mandated by the Statement on Standards for Attestation Engagements Number 16 and 18 ( SSAE 16 and SSAE 18 ). In brief, a SOC report is the compendium of safeguards built within the control base of the data and is also a check if those safeguards work or not. There are 3 types of reports, SOC 1, SOC 2, and SOC 3. There are two types of SOC 1 and Soc 2 reports: SOC 1 Type 1 and Type 2, and SOC 2 type 1 and Type 2.

IT Due Diligence > During Mergers & Acquisitions (M&A), a comprehensive assessment of the company's IT Department is provided to the prospective investor. It identifies potential risks or flaws in the IT governance, the current state of the technology, and the strengths and weaknesses in areas such as infrastructure, software, processes, and personnel, considering the cultural and interpersonal relationships among employees to verify the operations are running smoothly without conflicts in the IT Department.

Software engineering Development Services

We build custom software solutions. Software Strategy, Engineering, and Design.

Backend Development

We use the languages that handle the "behind-the-scenes" functionality of web applications. It’s code that connects the web to a database, manages user connections, and powers the web application itself. Our Backend development team works in tandem with the front end to deliver the final product to the end user.

Frontend

Our Front End Developers, Web Designer and UI/UX designers focus on User Interface and User Experience taking care of the visual aspects of the design of the site while conducting multiple user testing to ensure the site is working well exactly as our customer users requires.

Mobile

You may already have a few good mobile app ideas for your business, and that’s a good place to start. Developing mobile apps for multiple platforms (cross platform development) is definitely in your best interest. This will ensure your app works on every mobile device and doesn’t neglect any users.

IT Outsourcing

IT Personnel based on the companies needs

We combine the cost savings and efficiencies of outsourcing with the opportunities to empower and facilitate your business grow and success. Providing a variety of option whether your needs are short or long term; require IT Developers, Project Managers, Analysts, Auditors, Trainers, Product Managers, Marketing and/or Sales; located inshore, outshore, nearshore; or any combination.

Suttertek is a US based company with connection worldwide that can provide the right talent for the time needed with specific skills.

IMPORTANT: We also provide local US talent for foreign companies that require presence in the US market.

Our Story

Suttertek was officially founded in Miami, Florida, USA in 2018, however the company exists as a singular person doing business as (d.b.a.) since 2002 with the name of Suttertech.

The founder, Arturo Sutter, initially created the company to do side jobs to fulfill demand on his business and technology expertise from neighbors and small companies, but rapidly the word of mouth increased demand for medium size and well-known corporations.
Mr. Sutter still preferred the comfort of the corporate jobs environment that he entered at 19 years of age as a computer programmer. He climbed the corporate ladder in different Fortune 500 corporations always in Information Technology.
After traveled all over the world a significant deal of time and been there done that in the corporate world; in 2017 it was about time to dedicate to Arturo's creation and focus to the business that he loves and the profession he excels in.

Suttertek LLC started providing IT Compliance advice for companies that go public, IPO (Initial Public Offering) or need to keep-up with the SEC (Securities and Exchange Commission) requirements or other regulated data laws and/or data standards. At the same time, excellent professionals joined the business success and became the best value an organization can have, their individuals.

Suttertek has 3 very defined lines of business:

IT Compliance (IT audits, gap-analysis, security awareness, IT due diligence, and all legal regulations and standards, related to information technology)

Software Development (webpages and mobile apps)

IT Outsourcing (provides IT Project Managers, Developers, Auditors, and all IT personnel based on customers' demand)

Today, Suttertek is still growing, evolving, and constantly adopting new technologies and methodologies. The company believes that success is a mixed of applied knowledge, experience, creativity, and passion, but most of all, is being among good people. These values are clearly reflected in the Company's core principles.

Our Core Principles

Mision

To provide authentic added value to our customers, vendors and investors through applying professional knowledge, technology and passion.

Vision

To promote a healthy business environment that produces prosperity and peaceful meaning for all individuals.

Values

Passion, Integrity, Innovation, Accountability and Partnership.

Our hard working Team

These individuals make up the highest levels of management at Suttertek, and each specializes in a different area of managing the business. They lead our extraordinary group of people that make it happen.

Ana Gotay

Consulting Director

Art Sutter

CEO & Founder

Mariano Peyregne

CTO

Rodrigo García Ribeiro

Director of Development

Sergio Bioj

Network Installation Management Director

Contact Us

Our headquarters are located in the magic city near the MIA International Airport by the city of Doral, in the Sunshine State of Florida, in the USA.

Our Address

7950 NW 53 Street, Suite 337, Miami, FL 33166, USA

Email Us

info@suttertek.com

Call Us

+1-305-998-1626

Welcome to

Professional IT Global Management