5 Steps to Mastering a Risk Assessment

by Sarah Harvey / February 3rd, 2015

Performing a Risk Assessment is a critical component of any Information Security Program. It’s mandated by several frameworks (SSAE 16, SOC 2, PCI DSS, ISO 27001, HIPAA, FISMA). To comply with those frameworks, your organization has to complete a risk assessment, and then assess and address the risks by implementing security controls. For an organization, Risk Assessment is a constantly moving and evolving process. So, where…

Are you Ready for an Onsite Audit from the OCR?

by Sarah Harvey / November 19th, 2014

Phase 2 of HIPAA Audit Program Expected in 2015

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has always enforced HIPAA compliance. Recently, they have announced plans to proceed with Phase 2 of the HIPAA audit program, a more proactive approach to overseeing HIPAA compliance. Supervision is coming. The OCR is determined to begin performing periodic audits to ensure that Covered Entities and Business Associates…