Be prepared for security audits. Meet or exceed compliance and regulatory requirements of industry or government standards. HCC provides gap analyses, audits and reports on compliance, with expertise in the Information Technology security standards applicable to your organization and business:
- NIST 800-53, FDCC
- ISO27001, 27002 (formerly ISO 17799)
- SOX, GLBA, SAS-70
Business Continuity and Disaster Recovery Planning
BC/DR Planning is a critical component of most Enterprise Security Audits and is a specified part of HIPAA and HITECH compliance. Even if mandated compliance with a regulatory body is not your goal, it is still important to every business. Business Continuity and Disaster Recovery Planning is a critical subset of Risk Management tasks: measuring the probability of what could occur; analyzing the likelihood that an “event” or “disaster” will happen; quantifying the impact to your organization should a catastrophe affect your business; and, finally, defining what action to take if your organization is faced with that catastrophic event or disaster.
You need to have a PLAN – let our experts help you. As a 3rd party consultant we will see things you might overlook or take for granted – we won’t. We will ask the hard questions. We help you make informed decisions about where to spend the BC/DR resource dollars you do have so your plan is the most cost effective for your unique business environment.
Security Policy Documentation
Formal Security Policies are a part of most regulatory compliance audits including HIPAA, PCI and HITECH. These policies are frequently overlooked, written and forgotten, simply inadequate or, worse yet, contrary to security best practices. These policies dovetail into BC/DR and can either help or hinder your overall security posture.
Our experts can help you evaluate or craft policies that will meet or exceed regulatory compliance, from Security Training to HR Personnel to Change Management Policy.
HIPAA Audits – HITECH Audits
This is one of our key strengths and core competencies! We are experts at evaluating your policies, procedures and security practices against HIPAA Rules. HCC delivers the results in a professional document package crafted by the same professional auditor that performed the scans, reviewed your policies, assessed your system configurations and interviewed your personnel.
The new HITECH regulations make audits a necessity for all health care providers and their partners – a simple letter or memorandum will no longer suffice and ignorance is no longer an option. Along with the new incentive fund came stiff penalties.