IT Governance – End-to-End Security Auditing and Assessments

Accel Infotec’s Security Rule consulting services break down into a two-phased approach. The first phase in assessment is the Gap Analysis.  During this phase we determine your organizations’ overall compliance “health,” and during site visits and interviews, we:
security-compliance-and-audits

  • Gain foundational system knowledge and determine use of IT across all lines of business.
  • Create a baseline of current security requirements and privacy practices, including employee training.
  • Develop the Gap Analysis Report that specifically outlines the weaknesses present in your system(s).

Building from the Gap Analysis Report, the second phase is the Technical Risk Assessment. The Risk Assessment will identify the required remediations necessary to attain compliance based on the Security Rule and your specific environment.  It includes:

  • Determining whether or not the implementation of non-compliant requirements is Required or Addressable;
  • Assessing impact of accepting risk vs. fixing the risk;
  • Evaluating the likelihood that existing vulnerabilities will be exploited;
  • Developing strategy for how selected weaknesses will be remediated and extent of residual risk, if any;
  • Building the Risk Assessment Report, based on the above findings, and beginning remediation efforts.

Unlike the technically-based Security Rule, the Privacy Rule outlines the required, permitted, and authorized use and sharing of clients information. The Privacy Rule is concerned with policy and procedure, and ensuring your personnel understands how to handle individual’s data lawfully.

As part of its Privacy Rule compliance services, Accel Infotec will initially identify the existing inventory of privacy policy documentation maintained by your organization. That documentation will be thoroughly reviewed so we may ascertain the extent to which your organization is Privacy Rule compliant.  From there, we will build a Privacy Policy Report that specifically explains what policies and procedures are missing and/or incomplete, and the steps necessary to become compliant.  Finally, Accel Infotec will create new and edit existing policies as needed, consistent with the Privacy Policy Report.

Contact our consultants at info@accelinfotec.com and see how we can help you comply to IT governances with a very cost effective packages.