Accel Infotec’s Security Rule consulting services break down into a two-phased approach. The first phase in assessment is the Gap Analysis. During this phase we determine your organizations’ overall compliance “health,” and during site visits and interviews, we:
- Gain foundational system knowledge and determine use of IT across all lines of business.
- Create a baseline of current security requirements and privacy practices, including employee training.
- Develop the Gap Analysis Report that specifically outlines the weaknesses present in your system(s).
Building from the Gap Analysis Report, the second phase is the Technical Risk Assessment. The Risk Assessment will identify the required remediations necessary to attain compliance based on the Security Rule and your specific environment. It includes:
- Determining whether or not the implementation of non-compliant requirements is Required or Addressable;
- Assessing impact of accepting risk vs. fixing the risk;
- Evaluating the likelihood that existing vulnerabilities will be exploited;
- Developing strategy for how selected weaknesses will be remediated and extent of residual risk, if any;
- Building the Risk Assessment Report, based on the above findings, and beginning remediation efforts.
Unlike the technically-based Security Rule, the Privacy Rule outlines the required, permitted, and authorized use and sharing of clients information. The Privacy Rule is concerned with policy and procedure, and ensuring your personnel understands how to handle individual’s data lawfully.
Contact our consultants at [email protected] and see how we can help you comply to IT governances with a very cost effective packages