HIPAA requires an annual security risk assessment.
Protecting critical and sensitive information is a growing priority for many businesses. Several factors contribute to the threats your business faces every day:
- Widespread implementation of new cloud-based information storage and retrieval systems.
- Increased web application access to sensitive data by mobile devices.
- More advanced and aggressive tools and tactics at the disposal of cyber criminals.
Federal compliance regulations address this risk by requiring that many organizations complete a periodic (often annual) Security Assessment. Failure to complete the required assessments and take appropriate security steps can result in high fines and penalties on top of the potential consequences of a breach.
Loricca’s Security Risk Assessment Findings and Recommendations Report
Loricca’s HIPAA Security Assessment Findings and Recommendations report provides Executive Management with the information needed to:
- Mitigate risk,
- Prioritize compliance initiatives,
- Increase awareness among the staff, and
- Improve the overall security of Information Technology (IT) and business critical data.
The HIPAA Security Risk Assessment includes:
- Identifying security “gaps” within the organization
- Determining the overall security posture (technical, administrative, and physical)
- Network penetration testing (blind/internal/external) and vulnerability analysis
- Documenting threats and/or vulnerabilities in operations and IT security
- Review of existing corporate Policies and Procedures
- Review of DRP (disaster recovery plan) and Business Continuity
- Providing detailed Findings & Recommendations with prioritized ‘next steps’
- Knowledge transfer with key personnel and management presentation of findings
Customized HIPAA Security Risk Assessment Services
Loricca offers scalable information security assessment solutions that can be fully individualized to meet an organization’s unique needs. A Security Assessment is a logical place to begin; it establishes a baseline for understanding the near-term and long-term security posture of the enterprise. It also offers an objective, third-party perspective on the efficiency of implemented security practices and mechanisms.
The HIPAA Security Assessment can include any of the following information security areas:
- Media Security – protection of physical storage media including paper documents
- Hardware Security – hardware maintenance and change controls, anti-theft, anti-tampering
- Software Security – software maintenance and change controls, software integrity, software copyright/licensing compliance, privileged program controls, anti-virus and related malicious software safeguards, database security, security design on new systems
- Network Security – network device security, communications security, network access controls, Internet/Web security, intrusion detection, vulnerability testing, PBX/voice system security, network change controls, firewalls & proxy servers, dial-up access security, encryption, e-mail security
- Host (System) Security – multi-user and single user (workstation) computer operating system access controls including user authentication, data access authorization, audit logs; application security
- Administrative Security – information security charter, policies, and procedures, organization, roles & responsibilities, auditing, awareness, IT change controls
- Personnel Security – background checks, non-disclosure agreements, training, professional development, terminations & transfers, contracts
- Disaster Recovery/Business Resumption Planning – fault tolerance/redundancy, business impact analysis, recovery/continuity planning and testing
- Physical Security – facilities access control, security awareness, location analysis
Loricca also offers assessment and testing services specific to:
- HIPAA Risk Assessment and Conformance Assessment
- Mobile Application Testing
- Network Vulnerability Testing
- Social Engineering Testing
Contact us today to evaluate your company’s assessment needs and to learn more.