Compliance and Regulatory Assessments

Compliance & Security Audits

Overview

Regulations and recommendations from federal and state governments, as well as industry groups, place additional security requirements on businesses and growing responsibility for compliance on business leaders. Many regulations offer only vague recommendations for security controls that are subject to interpretation and subsequent implementation by the business. Others provide specific requirements that must be addressed, documented and maintained. At the heart of all these compliance efforts is an attempt to establish a minimal set of standard security controls that ensure the confidentiality, integrity and availability of the respective protected information and of the systems and networks in which it resides.


HIPAA Security Assessment

Spohn’s HIPAA Security Assessment identifies gaps in compliance with the HIPAA Security Rule. Spohn deploys skilled security consultants and tools to assess your organization’s security controls within a process specifically designed for HIPAA Security Rule compliance. The result is an in-depth, documented compliance assessment with recommendations that can help you speed remediation efforts and lower costs.

The HIPAA Security Assessment provides the unbiased in-depth analysis and documentation of your security measures and delivers the detailed information you need to meet compliance and design, plan, and implement improvements.

The HIPAA Security Assessment provides the following benefits:

  • Meet the audit requirement of the HIPAA Security Rule Sec. 164.308(a)(1)(ii)
  • Lower IT costs by allocating security resources to preventive efforts rather than post-event remediation
  • Provide a reasonable basis on which to rely on the company’s security measures for the confidentiality, integrity, and availability of its information and systems
  • Help management develop, maintain, and improve existing security controls
  • Gain added credibility with customers, board, investors, partners, and creditors
  • Demonstrate due diligence in an organization’s efforts to manage the risk and liability inherent in its security posture
  • Acquire detailed documentation for use in budget and remediation planning
  • Quickly prioritize and remedy vulnerabilities using the data, detailed descriptions, recommendations and links to online resources packaged in the Remediation Database on DVD-ROM

Financial Security Assessment

Financial Assessments

Spohn’s Financial Security Assessment assesses your security posture and risks, provides analysis and remedies that allow you to prioritize your needs, and offers an unbiased third-party assessment to meet regulatory requirements or prove due diligence. The assessment and resulting security profile are customizable based on the Gramm-Leach-Bliley Act, the Interagency Guidelines for Safeguarding Customer Information, the FFIEC Handbook on Information Security, and other regulations and guidance provided by the FRB, NCUA, FDIC, OCC, and OTS. The Enterprise Security Assessment (ESA) service provides a complete enterprise solution for detailed inspection, analysis, and reporting of the security controls across your financial institution.

Spohn uses experienced security consultants and proven tools and processes to assess physical, technical, and administrative security controls, including policies, plans and procedures, against industry security standards, best practices, regulatory requirements and your internal needs. The comprehensive analysis, documentation and remediation recommendations provided by our services can help you determine and plan commercially reasonable improvements to your security.

The Enterprise Security Assessment provides the following benefits:

  • Meet regulatory requirements through documented proof of security controls
  • Demonstrate due diligence for corporate mergers and acquisitions
  • Gain a clear understanding of risk to assets and information systems
  • Provide proof of compliance with security requirements for most legislation
  • Build confidence with stakeholders, shareholders, board members, and employees
  • Establish a true baseline of actual security implementation within the enterprise
  • Quickly prioritize and remedy vulnerabilities using the data, detailed descriptions, recommendations and links to online resources packaged in the Remediation Database on DVD-ROM

ISO 27001/2 for GLB, SOX and others

Spohn helps organizations in all industries with a security assessment service for identifying threats, risks, vulnerabilities and commercially reasonable improvements, deploying proven people, processes and tools to assess the effectiveness of a company’s security controls against security best practices. By using ISO/IEC 17799 (since renumbered as ISO/IEC 27002), the internationally recognized standard for enterprise security best practices, as the baseline for your audit, you can be confident that you have applied internationally recognized best practices for security to protect your enterprise, provide proof of regulatory compliance and demonstrate due diligence.

Spohn can assess an organization against the entire ISO 27001/2 security standard or tailor an assessment to your organization’s specific requirements using a subset of the security controls detailed within the standard. Whether the assessment is custom-designed or based on Spohn’s ISO 27001/2 checklist, you will receive comprehensive analysis, documentation and remediation recommendations for determining and planning commercially reasonable improvements to security.

The ISO 27001/2 Security Assessment provides the following benefits:

  • Meet the security requirements of Sarbanes-Oxley (SOX), Gramm-Leach-Bliley (GLB) and other regulations
  • Determine the effectiveness of security controls compared to an internationally recognized security standard (best practice)
  • Demonstrate due diligence in an organization’s efforts to identify threats, weaknesses, vulnerabilities, and gaps in compliance
  • Provide proof of compliance with security requirements for most legislation
  • Build confidence with stakeholders, shareholders, board members, and employees
  • Fit within a standard framework for risk management
  • Quickly prioritize and remedy vulnerabilities using the data, detailed descriptions, recommendations and links to online resources packaged in the Remediation Database on CD-ROM
