Security Audit Services
To protect networks and data from a determined attack, an organization needs assurance and understanding of the technical security of the network, along with adherence to security policy, organizational controls, and incident response procedures. To help mitigate information security risks, all networks should possess the following characteristics:
- Security Policy
Networks should have an associated defined security policy that specifies information security requirements (e.g., confidentiality, integrity, availability, auditing, access control, etc.) as well as what users may and may not do on the network (e.g., what constitutes unauthorized and illegal activities).
- Organizational and Operational Controls
A thorough and up-to-date organizational structure is important to provide a well-defined and orderly business environment, including formalized organization charts, current job descriptions for each position in the organization, and current operating policies and procedures. Proper levels of responsibilities should be clearly defined for adequate segregation of duties.
- Logical Security Controls
Computer files should be protected from unnecessary or unauthorized access by controls that reduce the risk of intentional or unintentional misuse, theft, alteration, or destruction.
- Physical Security Controls
Protective measures against intentional and accidental threats should provide adequate physical protection of an organization’s computer equipment.
During our overall network security assessment, we conduct internal and external intrusion testing as well as:
- Assess current information system (IS) control policies and procedures.
- Conduct an in-depth evaluation of manual and automated controls as compared against industry best practices.
- Assess vulnerabilities or exposures to your e-commerce or Internet-based initiatives.
- Review your facility, including physical security and environmental controls.
- Interview IS management and departmental end-users.
- Review your business continuity plans used in the event of unexpected system failures.
HIPAA Compliance Services
Protect Your Patients and Your Reputation
The Centers for Medicare and Medicaid Services has published the first of seven educational papers giving guidance on the HIPAA security rule. The rule has a compliance date of April 20, 2005, for most covered entities. Very small payers have an additional year.
Initial efforts to comply with HIPAA were time consuming and required significant change. Performing a Privacy Audit is the only effective method to document ongoing steps to maintain HIPAA compliance. Protecting patient health information can be an extremely time-consuming task, and ensuring that your organization is in compliance with the standards set up by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) can make it overwhelming. Our information security consultants have experience delivering data security solutions to a variety of health care entities.
Failure to adequately protect patient information could lead to both financial losses and significant goodwill losses within patient and industry communities. Any health care provider, health care clearinghouse, or health plan that electronically maintains or transmits an individual’s health information must adhere to HIPAA's Standards for Privacy of Individually Identifiable Health Information. Further, any of those health care entities that employ electronic signatures in transactions covered by HIPAA must comply or face fines up to $250,000.
We will tailor our services to meet your HIPAA compliance needs.
Many have professional certifications in their specified areas, including: