Fedramp certification & Cybersecurity & Compliance Firm

The HIPAA Safe Harbo r Act was designed to limit the fines associated with a data breach for healthcare organizations that implement “recognized security practices.” Do you have your cybersecurity practices in place? Learn more about how to identify what you need to mitigate risk. Organizations that take proactive steps to implement cybersecurity initiatives to protect their customers and employees are becoming more commonplace. Yet, there are still many examples of organizations falling victim to bad actors’ efforts to steal sensitive information for financial gain. This scenario has become a more common tale within the healthcare industry, especially as malicious players continue to take advantage of the COVID-19 pandemic. In fact, according to the Cybersecurity & Infrastructure Security Agency (CISA), personal health information (PHI) is estimated to be worth 10-20 times the value of credit card data on the dark web. Data breaches targeting PHI are clearly not going away, crea...

  HITRUST certification just got quicker, more affordable, and less complex. Learn more about HITRUST i1 and why it could be a gamechanger for your organization. The HITRUST Alliance has announced the HITRUST Basic Current State (bC) Assessment and the HITRUST Implemented One-Year (i1) Assessment, two new additions to their portfolio of assessment services that will be released at the end of 2021. While the names bC and i1 may call to mind sleek sports cars or high-powered computer chips, they actually won’t add on a host of new features or added complexity. In fact, it’s what’s not included in these assessments when compared to the standard HITRUST Risk-Based, Two-Year (r2) Assessment (formerly known as the HITRUST CSF Validated Assessment) that makes them appealing. HITRUST i1, in particular, will be a game changer for compliance. Before you can decide if either of these new assessments are a good fit for your organization, let’s take a look at what they are and how they compare...

  Your organization can’t afford to lose valuable government contracts. Protect your business by bolstering your organization’s ability to comply with NIST800-171. Government contracts are highly lucrative, but also tough to secure and manage. That’s because the Federal Government deals with a lot of classified and controlled information on a day-to-day basis. Any contractors or subcontractors who wish to work with the Federal government must, therefore, have security procedures in place to protect that sensitive information. National Institute of Standards and Technology (NIST) 800-171 is a mandate that states that federal contractors and subcontractors that handle, transmit, or store controlled unclassified information (CUI) must comply with certain standards to protect that data. Compliance with NIST 800-171 is required under Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012. What is Controlled Unclassified Information (CUI)? CUI is information crea...

  Our 2021 Compliance Benchmark Report found that more than 71% of organizations say that an increasing focus on privacy has impacted their compliance practices and audits. Learn more about what that impact looks like. Privacy is at the forefront of regulators’ minds and therefore, greatly impacting compliance programs across the globe. It’s not just regulators who are taking note of new privacy laws — consumers are concerned about their privacy and data, too. A recent KPMG survey noted that 86% of consumers feel a growing concern about data privacy and 78% are worried about the amount of data being collected about them. With a magnifying glass on privacy concerns — from regulators and consumers — organizations are naturally concerned about their ability to ease consumer fears and avoid massive regulatory fines. In our 2021 Compliance Benchmark Report , we asked more than 200 cybersecurity, IT, quality assurance (QA), internal audit, finance, and other professionals if the increasi...