HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.

Similar documents
The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

The Future of HITRUST

HITRUST CSF Updates: How v10 and MyCSF 2.0 Improve Your HITRUST Experience. Michael Frederick, HITRUST VP Operations Ken Vander Wal, HITRUST CCO

Model Approach to Efficient and Cost-Effective Third-Party Assurance

HITRUST Common Security Framework - Are you prepared?

SECURETexas Health Information Privacy & Security Certification Program

HITRUST CSF: One Framework

HITRUST ON THE CLOUD. Navigating Healthcare Compliance

Altius IT Policy Collection Compliance and Standards Matrix

CSF to Support SOC 2 Repor(ng

How To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation

Exploring Emerging Cyber Attest Requirements

Altius IT Policy Collection Compliance and Standards Matrix

Information Security Risk Strategies. By

Introduction to the HITRUST CSF. Version 8.1

2018 HIPAA One All Rights Reserved. Beyond HIPAA Compliance to Certification

FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more.

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

Risk Management Frameworks

Peer Collaboration The Next Best Practice for Third Party Risk Management

Perspectives on Navigating the Challenges of Cybersecurity in Healthcare

SERVICE ORGANIZATION CONTROL (SOC) REPORTS: WHAT ARE THEY?

COBIT 5 With COSO 2013

SOC for cybersecurity

Vendor Security Questionnaire

Best Practices & Lesson Learned from 100+ ITGRC Implementations

Certified Information Security Manager (CISM) Course Overview

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

Altius IT Policy Collection

HIPAA Security and Privacy Policies & Procedures

BHConsulting. Your trusted cybersecurity partner

[DATA SYSTEM]: Privacy and Security October 2013

Welcome ControlCase Conference. Kishor Vaswani, CEO

Table of Contents. Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING

Introduction. Angela Holzworth, RHIA, CISA, GSEC. Kimberly Gray, Esq., CIPP/US. Sr. IT Infrastructure Analyst

Trust is not a Control... But you s1ll have to have it. (Or How I learned to Stop Worrying and (HI)TRUST Control Compliance Suite)

PROFESSIONAL SERVICES (Solution Brief)

Sage Data Security Services Directory

Introduction to the HITRUST CSF. Version 9.1

Career Paths In Cybersecurity

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)

Effective Strategies for Managing Cybersecurity Risks

MyCSF User Guide. Prepared By: HITRUST Frisco Square Blvd. Suite 327. Frisco, Texas P: (469) F: (469)

Living with HIPAA: Compendium of Next steps from Rural Hospitals to Large Health Systems to Physician Practices

Cyber Criminal Methods & Prevention Techniques. By

01.0 Policy Responsibilities and Oversight

Mapping BeyondTrust Solutions to

t a Foresight Consulting, GPO Box 116, Canberra ACT 2601, AUSTRALIA e foresightconsulting.com.

Aligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert

Academic Medical Centers & Vendor Security: Most Comprehensive Study to Date

Compliance & Security in Azure. April 21, 2018

HITRUST CSF Roadmap for 2018 and Beyond HITRUST Alliance.

Sirius Security Overview

Auditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC

Data Security Standards

Leveraging HITRUST CSF Assessment Reports

Four Deadly Traps of Using Frameworks NIST Examples

TEL2813/IS2820 Security Management

Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?

Introduction to AWS GoldBase

Achieving third-party reporting proficiency with SOC 2+

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

What is Penetration Testing?

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

The importance of STANDARDS to ensure ACCOUNTABILITY and GOVERNANCE in ehealth-ict security processes

The Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls

The Convergence of Security and Compliance

Title: Planning AWS Platform Security Assessment?

Evaluating the Security of Your IT Network. Vulnerability Scanning & Network Map

University of Sunderland Business Assurance PCI Security Policy

Telos and Amazon Web Services (AWS): Accelerating Secure and Compliant Cloud Deployments

Risk Analysis Guide for HITRUST Organizations & Assessors

Healthcare Privacy and Security:

Security In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.

Security Audit What Why

PCI compliance the what and the why Executing through excellence

BHConsulting. Your trusted cybersecurity partner

QuickBooks Online Security White Paper July 2017

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

How to Conduct a Business Impact Analysis and Risk Assessment

locuz.com SOC Services

Automating the Top 20 CIS Critical Security Controls

EU General Data Protection Regulation (GDPR) Achieving compliance

A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions

Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH

IT Audit Process Prof. Liang Yao Week Two IT Audit Function

Introduction to ISO/IEC 27001:2005

BRING EXPERT TRAINING TO YOUR WORKPLACE.

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Administration and Data Retention. Best Practices for Systems Management

NE HIMSS Vendor Risk. October 9, 2015 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS

Background FAST FACTS

Integrating HIPAA into Your Managed Care Compliance Program

COURSE BROCHURE. COBIT5 FOUNDATION Training & Certification

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

Digital Health Cyber Security Centre

Transcription:

HITRUST CSF Assurance Program

HITRUST CSF Assurance Program The Need Organizations facing multiple and varied assurance requirements from a variety of parties Increasing pressure and penalties associated with enforcement efforts of HIPAA/HITECH Inordinate level of effort being spent on the negotiation of requirements, data collection, assessment and reporting

CSF Assurance Program Provides a common set of information security requirements, assessment tools and reporting processes Reduces the number and costs of business partner security assessments HITRUST governance and quality control enable trust between third parties

HITRUST Common Security Framework Certifiable framework to enable common understanding and acceptance Leverage existing, globally recognized standards Prescriptive requirements HITRUST Scales according to organizational need CSF Risk-based approach Sector-specific requirements Flexibility to adopt alternate controls Evolving framework

Standards and Regulations Overlap COBIT ISO 27001/2 HITECH Act HIPAA Security PCI Meaningful Use NIST 800-53 States

CSF Standards and Regulations Coverage ISO 27001/2 HITECH Act HITRUST CSF HIPAA Security PCI Meaningful Use NIST 800-53 States

CSF Breakdown The CSF has 135 controls Each control has 3 levels of implementation Implementation levels build on each other as the complexity risk of your organization grows Organizations can require different levels of implementation for different controls. Organizations would not be Level 1 or Level 2 across the board Implementation levels are determined by organizational, system and regulatory factors

CSF Controls Required for Certification COBIT Chosen based upon risk to help organizations assess and remediate efficiently HITECH Act** ISO 27001/2 63 Controls Required for HIPAA Certification Security PCI Meangfl. Use* Divided into 19 Domains to group questions and maximize the utilization of subject matter experts NIST 800-53 States

CSF Assurance Program Areas Evaluated Information Protection Program Endpoint Protection Portable Media Security Mobile Device Security Wireless Protection Configuration Management Vulnerability Management Network Protection Transmission Protection Password Management Access Control Audit Logging & Monitoring Education, Training & Awareness Third Party Security Incident Management Business Continuity & Disaster Recovery Risk Management Physical & Environmental Security Data Protection & Privacy

CSF Assurance Program Degrees of Assurance CSF Self Assessments can be conducted by business associate CSF Validated or Certified requires third party engagement

Key Components of CSF Assurance Program Standardized tools and processes Questionnaire Focus assurance dollars to efficiently assess risk exposure Measured approach based on risk and compliance Ability to escalate assurance level based on risk Report Output that is consistently interpreted across the industry Cost effective and rigorous assurance Multiple assurance options based on risk Quality control processes to ensure consistent quality and output across CSF Assessors

Assessment Options: Self Assessment Assessed entity completes a baseline assessment questionnaire within MyCSF tool Focuses on key areas of security and the use of technology (e.g., firewalls, A/V) HITRUST performs limited consistency check and review on the results and issues a CSF Self Assessment report

Assessment Options: CSF Validated Assessed entity completes a baseline assessment questionnaire within MyCSF tool Additional on-site testing is performed by a third party CSF Assessor Onsite interviews Review documentation (policies, procedures, previous assessments) Walkthroughs Technical configuration testing The completed questionnaire and supporting documentation are sent to HITRUST for review HITRUST issues CSF Validated report

CSF Assurance Program: CSF Certified CSF Certified designates that an organization meets all of the certification requirements of the CSF Same components and process as CSF Validated under the CSF Assurance program Must engage a qualified third party CSF Assessor to perform onsite testing HITRUST reviews and grants certification to the assessed entity Valid for two years from the certification date

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback