Network Security Management & Regulatory Compliance

PCI Readiness

ITS provides PCI DSS Readiness Assessments and Gap Analysis consulting services for organizations seeking to become compliant with the Payment Card Industry Data Security Standards (PCI DSS) provisions.  Whether your organization is looking for assistance with the PCI DSS Self-Assessment Questionnaires (SAQ) or requires an actual Level 1 on-site assessment by a Qualified Security Assessor (PCI-QSA), ITS’s highly skilled and competent consultants provide the following pre-assessment services:


  • Discussing your overall PCI needs, timeframe for compliance, expectations, etc.
  • Properly scoping the assessed cardholder data environment (CDE) as required by the PCI DSS provisions for all 12 requirements, sub-requirements, and the all-important Appendix A.
  • Providing all necessary PCI DSS policy and procedure templates, along with active assistance in customizing and developing said documents.
  • Recommending numerous open-source and cost-effective tools for PCI compliance, such as the following:
    • Web Application Firewalls.
    • Two-factor Authentication systems.
    • File Integrity Monitoring (FIM) solutions.
    • Anti-Virus Software.

PCI DSS Readiness Assessment | Gap Analysis

It is critical that organizations undertake a PCI DSS Readiness Assessment | Gap Analysis engagement to ensure the overall success of their PCI certification process.  A poorly planned, under-funded, or incorrectly scoped engagement will lead to delays, operational constraints, and many other challenges.  Thus, look upon a PCI DSS Readiness Assessment not merely as an additional cost to the engagement, but as a highly useful, proactive, and necessary process for achieving PCI compliance in an efficient, cost-effective, and timely manner.

Keep in mind that one of the most notable areas of remediation for PCI is that of policies and procedures – or the lack of them – which merchants, service providers, and all other intended parties must develop.  ITS can provide a set of customized PCI policies and procedures, which are included with any type of PCI engagement that ITS undertakes.

HIPAA

ITS provides HIPAA and HITECH compliance auditors and consultants for HIPAA Privacy & Security Rule auditing and consulting services, with a proven and experienced team of healthcare auditors who have years of experience working with HIPAA, the newly released HITECH requirements, and the Final Omnibus Rulings of January 2013.  As for the Privacy Rule, it includes a number of provisions found within the Code of Federal Regulations | Title 45 | Public Welfare | Parts 1 to 199, which detail the provisions for the Privacy of Individually Identifiable Health Information.  These are the following sixteen (16) “sections,” 164.500 – 164.534:

  • 164.500: Applicability
  • 164.501: Definitions
  • 164.502: Uses and Disclosures of Protected Health Information: General Rules
  • 164.504: Uses and Disclosures: Organizational Requirements
  • 164.506: Uses and Disclosures to Carry out Treatment, Payment, or Health Care Operations
  • 164.508: Uses and Disclosures for Which an Authorization is Required
  • 164.510: Uses and Disclosures Requiring an Opportunity for the Individual to agree or to Object
  • 164.512: Uses and Disclosures for Which an Authorization or Opportunity to Agree or Object is Not Required
  • 164.514: Other Requirements Relating to Uses & Disclosures of Protected Health Information
  • 164.520: Notice of Privacy Practices for Protected Health Information
  • 164.522: Rights to Request Privacy Protection for Protected Health Information
  • 164.524: Access of Individuals to Protected Health Information
  • 164.526: Amendment of Protected Health Information
  • 164.528: Accounting of Disclosure of Protected Health Information
  • 164.530: Administrative Requirements
  • 164.532: Transition Provisions
  • 164.534: Compliance Dates for Initial Implementation of the Privacy Standards

As for the Security Standards for the Protection of Electronic Protected Health Information, the requirements and applicable sections can be found in the Code of Federal Regulations | Title 45 | Public Welfare | Parts 1 to 199, in Subpart C, sections 164.302 to 164.318.  Specifically, these “sections” are the following:

  • 164.302: Applicability
  • 164.304: Definitions
  • 164.306: Security Standards: General Rules
  • 164.308: Administrative Safeguards
  • 164.310: Physical Safeguards
  • 164.312: Technical Safeguards
  • 164.314: Organizational Requirements
  • 164.316: Policies and Procedures and Documentation Requirements
  • 164.318: Compliance Dates for Initial Implementation of Security Standards

One of the most challenging tasks of network security management in HIPAA and HITECH compliance is gaining a sound understanding and interpretation of the legislation itself, along with implementing policies and procedures for ensuring compliance.  Additionally, both a “covered entity” and a “business associate” often find themselves needing highly customized policy and procedure documentation for HIPAA and HITECH compliance, but lack the internal resources to develop this type of material.  Furthermore, assistance is often needed for actually implementing the required controls and supporting procedures that further ensure HIPAA and HITECH compliance.  Add to the mix the Final Omnibus Rulings of January 2013, and the need for top-quality HIPAA assistance becomes even greater.

ITS | Your HIPAA and HITECH Compliance Auditors and Consulting Experts

ITS has spent years working with organizations in the healthcare industry and can provide you with the following services relating to HIPAA and HITECH:

Readiness Assessments and Gap Analysis services: An important component of HIPAA and HITECH compliance is knowing what “compliance” actually means.  Specifically, this means determining which systems and supporting resources are to be included in the scope and which personnel are involved, along with identifying and understanding many other critical areas.

Policy and Procedure development: Regardless of whether you are identified as a “covered entity” or a “business associate,” HIPAA and HITECH compliance is highly dependent upon having documented policies and procedures in place that specifically address many of the Privacy & Security Rule requirements.

Additionally, ITS can assist in procuring the necessary technology resources to further support your HIPAA and HITECH compliance requirements.  ITS’s experienced HIPAA and HITECH auditors and consultants for the HIPAA Privacy & Security Rule can help your organization get compliant today!