Healthcare IT Risk Management Solutions

Our Differentiators

• Security experience
  − We average over 10 years experience in information security as engineers, developers, managers and consultants.
• Commitment to customer service
  − We focus solely on the security of health information, and make sure when working with your organization that questions are answered, problems solved, and knowledge shared.
• Hands-on Approach
  − All consultants have experience in industry and have faced the challenges of deadlines, politics, limited budgets, and business goals. We go beyond delivering a report and will improve your organization’s security.

Security Risk Assessment Methodology

We assesse our clients’ Information Security Programs through interviews, document and log file review, system assessments, and physical inspections.

We use our proprietary Security Program Maturity Model, based on international standards, industry best practices, and our experience at other leading companies, to assess the maturity of the client’s program and identify improvements.

We identify improvements based on the risk that each improvement mitigates, the ease of implementation, and business goals.

Performing a security risk assessment is a component of “Meaningful Use” of EHRs, and required to receive stimulus funds.

Security Risk Assessment Deliverable: Diagnosis

Our Security Program Maturity Model points out gaps in the key areas of Information Security Management, and identifies what components are fully mature, works in progress, or needing improvement.

Security Risk Assessment Deliverable: Prescription

We provide an Improvements Roadmap that guides the Client towards a mature, best-practices driven Information Security Program.

Security Risk Assessment Deliverable: Impact

• Helps you understand where your organization’s security risk exists
• Provides a comprehensive view of security risk, not just in the IT area
• Highlights where security efforts will have the highest return on investment (ROI)
• Identifies “quick hits” as well as more sustained efforts that will improve your organization’s security posture
• Provides a baseline to measure progress against

Confidentiality	Integrity	Availability	Governance, Risk, and Compliance
Information Security Program Development	Application Architecture Design Review	Disaster Recovery Planning	Governance, Policies and Standards development
Gap Analysis versus key security standards	Secure SDLC Review	Business Continuity Planning	Health Information risk management
Identity and access management strategy	Application and Network Penetrating testing	BCP / DR tests and exercises	Compliance scorecards and regulatory reviews
Vendor Risk Management	Data Lifecycle Model and Review	BCP / DR program Assessment	Data forensics
Security operations - review and development	IT Change Management	Datacenter design	Incident response and breach notification
Security training and awareness	Threat modeling	Service Delivery Improvement (ITIL)	Logging and Monitoring: reviews and design

 

About Us | Industry Focus | Employers | Your Career | Jobs |Services