Enterprise Vendor Management, a Compliance and Information Security Strategy
In today’s business scenario, vendors play an important role in the success of a business. They
are strategic partners who can help to boost the overall performance of the enterprise.
Obviously, not every vendor can contribute to the business success. Therefore, organizations
need to scrutinize the prospects before selecting a suitable vendor. However, it does not stop
there. Even after selecting a vendor, effective vendor management is essential to ensure
success.
With the Omnibus Final Rule coming into effect on March 26, 2013, the Business Associates of a
Covered Entity are also covered under applicable rules such as the Breach Notification Rule,
HIPAA Security Rule, and HIPAA Privacy Rule. As per the rules, a Business Associate, as much
as a Covered Entity, must comply with the applicable standards, implementation specifications,
and requirements with respect to electronic protected health information of a Covered Entity.
This is necessary to ensure confidentiality, integrity and availability of all protected health
information in physical or electronic form that a Covered Entity or a Business Associate may
create, receive, maintain, or transmit.
Failure to comply with any or all of the requirements of HIPAA/HITECH regulations may lead
to monetary penalties up to $1.5 million per incident (with no upper limit), potential lawsuits,
and criminal prosecution. Therefore, healthcare practitioners and providers, collectively known
as covered entities, need a vendor management solution to know how far their vendors
and Business Associates have progressed in their compliance efforts.
An IT Compliance Management solution helps to automate the security and compliance
management process of all external vendors and sub-contractors. This helps covered entities to
gain complete visibility and have control over the security and compliance posture of all their
vendors. Vendor management for HIPAA/HITECH is a simple process:
1. Covered Entity completes a HI-SCAN 25-question assessment of all Business Associates
(HI-SCAN is a quick technique that utilizes a simple-to-use, brief question set to determine
the level of Business Associate security and compliance with HIPAA/HITECH regulations).
The assessment involves four steps:
· Input all Business Associates into the HI-SCAN tool
· Send the assessment to the Business Associates
· Business Associates answer the questions online
· Covered Entity reviews responses and generates a quick compliance report
that identifies remedial actions
2. Pursue the high-risk exposure Business Associates with a full assessment
Deploying a vendor management solution is thus a form of vulnerability management that helps to quickly
assess and manage the security and compliance levels of an enterprise and its
Business Associates.