Legal and compliance scope

Last updated: 2026-06-02

Plain-English position

PAFDS Technologies helps customers design, implement, document, monitor, and support technology controls. PAFDS does not act as a law firm, CPA firm, insurance broker, auditor, payment brand, government agency, or regulator. Nothing on this website is legal, tax, accounting, insurance, audit, or regulatory advice.

The customer's legal obligations remain the customer's responsibility unless a signed written agreement says otherwise. Regulated work must be scoped before PAFDS handles regulated data or represents that specific compliance controls are implemented.

Written scope required

  • Managed services, projects, SLAs, travel, onsite work, and deliverables require written scope.
  • Regulated data handling requires approved secure channels and written handling rules.
  • Vendor coordination requires customer authorization and clear ownership.
  • Changes that affect production systems require authorization, evidence, and rollback planning when appropriate.

B2B and multi-company projects

PAFDS can adapt to direct, B2B, subcontracted, overflow, or multi-company delivery models. Multi-party work requires a written chain of authority, named contacts, data-sharing limits, access approvals, security rules, change control, incident communications, acceptance criteria, intellectual-property terms, insurance requirements, and payment terms before production work begins.

Wireless, remote-work, platform, database, and reporting work

Enterprise Wi-Fi surveys, WAP installation, managed laptops, hybrid employee support, secure work-from-home enablement, remote access, Cisco switching, Meraki networks, pfSense, SonicWall, Fortinet, VMware, Hyper-V, Proxmox, Kubernetes, SQL databases, MongoDB, MongoDB Atlas, dashboards, operational tracking, and reporting systems must be scoped around the actual business environment. Required evidence may include diagrams, heat-map style survey results, switch and PoE checks, SSID/VLAN validation, device compliance notes, access-control policy checks, backup/restore proof, rollback notes, acceptance tests, as-built records, and closeout reports.

National onsite services

PAFDS is based in West Virginia and can schedule onsite services anywhere in the USA when scope supports travel. West Virginia customers can receive faster regional support. National onsite work is subject to local requirements, site access, safety, permits, licensing, insurance, taxes, subcontractor availability, and written approval.

Regulated industry work

PAFDS can support regulated environments by implementing technical safeguards, evidence trails, documentation, backups, security controls, access controls, logging, vendor coordination, and recovery planning. Customer counsel or compliance advisors should determine which laws, regulations, contracts, insurance requirements, and audit standards apply.

Healthcare and HIPAA

Healthcare work that involves protected health information requires written scope and, when applicable, a Business Associate Agreement before PAFDS handles PHI or ePHI. PAFDS can help implement and document technical safeguards, but does not provide legal determinations about HIPAA compliance.

Financial services and GLBA

Financial customer information and Safeguards Rule work require a written information-security scope, service-provider terms, risk assessment, access control, monitoring, incident response, and customer-approved governance responsibilities.

Payment cards and PCI DSS

PAFDS does not need to receive payment card data through public forms or normal support channels. Any environment that stores, processes, transmits, or can affect cardholder data must be scoped separately with the customer's payment processor, acquiring bank, payment brand, QSA, or PCI advisor as applicable.

Privacy and security

PAFDS uses practical data minimization, access control, documentation, and security practices. State, federal, sector, international, employee, consumer, and breach-notification obligations vary by customer and location and must be reviewed for the actual business.

Accessibility

PAFDS aims to make its public website usable and accessible, and provides an accessibility contact path. Accessibility is an ongoing process, not a one-time legal guarantee. See the accessibility statement for details.

Marketing communications

PAFDS does not use the public contact form as consent for unlawful spam, robocalls, or robotexts. Marketing email, calls, and texts must follow applicable consent, identity, opt-out, do-not-call, and anti-deception rules.

Required next step for full coverage

For stronger legal protection, PAFDS should maintain attorney-reviewed operating documents: Master Services Agreement, Statement of Work template, SLA, privacy/data-processing addendum, security addendum, Business Associate Agreement, subcontractor agreement, travel/onsite terms, incident-response terms, marketing consent language, insurance review, and state-by-state registration/licensing review for national work.