IT Security - Your Data Safe and Secure

HIPAA requires an annual security risk assessment.

The protection of critical and sensitive information is a growing priority for many businesses. Several factors contribute to the growing threats to your business every day:

Federal compliance regulations address this risk by requiring that many organizations complete a periodic (often annual) Security Assessment. Failure to complete the required assessments and take appropriate security steps can result in high fines and penalties on top of the potential consequences of a breach.

Loricca’s Security Risk Assessment Findings and Recommendations Report

Loricca’s HIPAA Security Assessment Findings and Recommendations report provides Executive Management with the information needed to:

The HIPAA Security Risk Assessment includes:

  • Identifying security “gaps” within the organization
  • Determining the overall security posture (technical, administrative, and physical)
  • Network penetration testing (blind/internal/external) and vulnerability analysis
  • Documenting threats and/or vulnerabilities in operations and IT security
  • Review of existing corporate Policy and Procedures
  • Review of DRP (disaster recovery plan) and Business Continuity
  • Providing detailed Findings & Recommendations with prioritized ‘next steps’
  • Knowledge transfer with key personnel and management presentation of findings

Customized HIPAA Security Risk Assessment Services

Loricca offers scalable information security assessment solutions that can be fully individualized to meet an organization’s unique needs. A Security Assessment is a logical place to begin; it establishes a baseline for understanding the near-term and long-term security posture of the enterprise. It also offers an objective, third-party perspective on the efficiency of implemented security practices and mechanisms.

The HIPAA Security Assessment can include any of the following information security areas:

  • Media Security – protection of physical storage media including paper documents
  • Hardware Security – hardware maintenance and change controls, anti-theft, anti-tampering
  • Software Security – software maintenance and change controls, software integrity, software copyright/licensing compliance, privileged program controls, anti-virus and related malicious software safeguards, database security, security design on new systems
  • Network Security – network device security, communications security, network access controls, Internet/Web security, intrusion detection, vulnerability testing, PBX/voice system security, network change controls, firewalls & proxy servers, dial-up access security, encryption, e-mail security
  • Host (System) Security – multi-user and single user (workstation) computer operating system access controls including user authentication, data access authorization, audit logs; application security
  • Administrative Security – information security charter, policies, and procedures, organization, roles & responsibilities, auditing, awareness, IT change controls
  • Personnel Security – background checks, non-disclosure agreements, training, professional development, terminations & transfers, contracts
  • Disaster Recovery/Business Resumption Planning – fault tolerance/redundancy, business impact analysis, recovery/continuity planning and testing
  • Physical Security – facilities access control, security awareness, location analysis

Loricca also offers assessment and testing services specific to:

Contact Loricca Today
Contact us today to evaluate your company’s assessment needs and to learn more.