What is HIPAA compliance?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a series of regulatory standards that outline the lawful use and disclosure of protected health information (PHI). Healthcare providers and those who handle PHI are required to follow HIPAA guidelines in projecting patient data. TechCXO has extensive experience implementing and supporting full scale HIPAA regulated systems and organizations.
System and Organization Controls (SOC2)
System and Organization Controls (SOC 2) is an auditing procedure that ensures service providers securely manage their data to protect the interests of the organization and the privacy of its clients. For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider.
HITRUST is a certifiable and recommended framework trusted by many health networks and hospitals to manage risk.
HITRUST aims to solve these issues by providing an integrated security approach as well as a way to demonstrate compliance with HIPAA security requirements to a third-party assessor.
The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks. NIST CSF is a valuable set of procedures for organizations to map and control critical information security programs. TechCXO ties NIST CSF controls to operational procedures to maintain a high level of security maturity across an organization’s systems and procedures.
FISMA / CMMC
FISMA (Federal Information Security Management Act) governs information security requirements for federal entities and vendors working with Federal agencies. FISMA certification will ensure that organizations remain complaint with Federal security requirements.
CMMC is the Cybersecurity Maturity Model Certification required for all DoD vendors. CMMC combines the controls from SP 800-171, SP 800-171b (Enhanced Security Requirements for Critical Programs and High-Value Assets) and from other sources.
TechCXO advises our clients on their FISMA / CMMC compliance and manages their security certifications with governmental agencies.
The Federal Financial Institutions Examination Council (FFIEC) is a formal U.S. government interagency body composed of five banking regulators that is “empowered to prescribe uniform principles, standards, and report forms to promote uniformity in the supervision of financial institutions”. TechCXO CISO team specializes in implementing and managing FFIEC maturity tracking and reporting.