Tumgik
#hitrust csf assessment
govindhtech · 1 year
Text
HITRUST CSF v11 certification is granted for Microsoft Azure
Azure HITRUST CSF compliance requirements: The requirement for cloud computing to enhance patient outcomes, capture cost savings, and facilitate care coordination, particularly for patients in remote places, is driving a rapid revolution in the healthcare sector. Healthcare firms may use cutting-edge technology like artificial intelligence, machine learning, big data analytics, and the Internet of Things to improve their services and operations thanks to cloud computing.
To secure and protect sensitive healthcare data, such as electronic health records, medical imaging, genomic data, and personal health information, cloud computing also introduces new risks and concerns. Healthcare organizations must make sure that their cloud service providers adhere to the intricate and constantly changing laws and regulations that govern the healthcare sector, as well as the highest standards of security and compliance.
The healthcare sector’s security and compliance are priorities for Microsoft Azure
The HITRUST Common Security Framework (CSF) is one of the most commonly used and respected frameworks for information protection in the healthcare sector. The HITRUST CSF is a thorough and expandable framework that combines numerous authoritative sources including HIPAA, NIST, ISO, PCI, and COBIT into a single set of harmonized controls. For evaluating and certifying the security and compliance posture of cloud service providers and their clients, the HITRUST CSF offers a prescriptive and flexible approach. A cloud service provider who has earned HITRUST CSF certification has put best practices and security measures in place to protect sensitive healthcare data in the cloud.
Providing secure and compliant cloud services for the healthcare industry is more crucial than ever as healthcare businesses congregate in the Dallas area for the HITRUST Collaborate 2023 event. In their pursuit of digital transformation, healthcare businesses can count on Microsoft Azure to be a reliable partner. Healthcare firms may create cutting-edge solutions that enhance the entire healthcare experience thanks to Azure’s extensive spectrum of cloud services. Additionally, Azure provides a number of features that help healthcare firms achieve and maintain security and compliance in the cloud.
As a result, we are pleased to report that 115 Azure Government services and 162 Azure services have received HITRUST CSF v11.0.1 certification. This certification covers all GA Azure regions across Azure and Azure Government clouds. This accomplishment is a result of Azure’s ongoing efforts to improve its security and compliance services for clients in the healthcare sector.
The most recent version of the framework, known as HITRUST CSF v11.0.1, combines new standards and updates from a number of reliable sources, including NIST SP 800-53 Rev 5, NIST Cybersecurity Framework v1.1, PCI DSS v3.2.1, FedRAMP High Baseline Rev 5, CSA CCM v3.0.1, GDPR, CCPA, and others. Along with new features and improvements, HITRUST CSF v11.0.1 also offers a maturity scoring model, risk factor analysis, an expansion of the inheritance program, an upgrade to the assessment scoping tool, and more. Achieving HITRUST CSF v11.0.1 certification reflects Azure’s growing dedication to offering customers in the healthcare sector secure and compliant cloud services.
A HITRUST External Assessor program-approved independent third-party audit company carried out the HITRUST CSF v11.0.1 r2 Validated Assessment for Azure. The audit company assessed Azure’s security policies, practices, processes, and controls against the cloud service providers’ specific HITRUST CSF standards. The auditing firm also confirmed that Azure’s security safeguards are implemented correctly and function as intended. The Service Trust Portal offers the HITRUST CSF Letter of Certification, which lists all certified Azure solutions and regions, to clients of Azure.
Partnership between Microsoft Azure and HITRUST Alliance
Along with the certification that was just announced, Azure and the HITRUST Alliance previously collaborated to create the HITRUST Shared Responsibility Matrix for Azure. This document clarifies the security and privacy obligations that lie between Azure and its clients, making it simpler for businesses to obtain their own HITRUST CSF certification.
The matrix shows which HITRUST CSF controls are entirely controlled by Azure, which controls are jointly managed by Azure and customers, and which controls are entirely the responsibility of the customers. The matrix also offers advice on how users can make use of Azure’s capabilities to fulfill their own security and compliance requirements.
Azure now offers the HITRUST Inheritance Program, which enables clients to externally inherit criteria from the Azure HITRUST CSF certification. This program empowers enterprises to achieve more by dramatically decreasing the compliance cost and hassle. Without further testing or validation by an outside assessor, the program enables clients to inherit up to 75% of applicable HITRUST CSF rules from the Azure certification scope.
As a result, it takes less time, effort, and money for customers to become certified using the HITRUST CSF or to report on their compliance status using other frameworks or standards that are based on the HITRUST CSF. Since the program’s launch, Azure has examined more than 23,450 client requests for inheritance.
Since November 2016, Azure has kept its HITRUST CSF certification. One of the first cloud service providers to receive HITRUST CSF certification was Azure, which has since broadened the range of certified services and geographical areas. A select few cloud service providers, including Azure, offer HITRUST CSF-certified services in both public and government clouds. With backward compatibility with HITRUST CSF v9.1, v9.2, v9.3, v9.4, v9.5, and v9.6 certifications, the Azure HITRUST CSF v11.0.1 certification provides support for a variety of clients.
The Azure HITRUST CSF certification is described in further detail
Azure is committed to speeding up the digital transformation of healthcare enterprises while maintaining cloud security and compliance. Healthcare firms can create creative solutions that enhance patient care, operational effectiveness, and business agility using Azure’s secure and compliant cloud platform. Additionally, Azure provides a range of services and technologies that help healthcare firms achieve and manage cloud security and compliance. The Azure HITRUST CSF certification demonstrates Azure’s dedication to being a reliable partner for healthcare businesses as they migrate to the cloud.
0 notes
h1p3rn0v4 · 1 year
Link
HITRUST recently released version 11 of the CSF, which added the e1 assessment to its offerings and updated the i1 and r2 assessments, allowing organizations to reuse work from lower-level HITRUST assessments and progressively achieve greater security by sharing common control requirements through inheritance. CSF v11 was designed to be threat-adaptive in order to protect organizations against new and emerging threats.
0 notes
cybercrest · 1 year
Text
Secure your business by achieving CyberCrest’s HITRUST CS
CyberCrest renounces HITRUST Compliance Services to help organizations meet industry standards and regulations for protecting sensitive data. HITRUST CSF Certification is required for many organizations in the healthcare industry that handle Protected Health Information (PHI). With CyberCrest’s proven methodology and expertise, your organization can achieve and continuously maintain HITRUST compliance with our readiness assessment services, validated assessment support services, and comprehensive remediation services.
0 notes
aligncompliance · 2 years
Text
HITRUST Updates Scoring Rubric in Support of i1 Assessment
In January of 2022, HITRUST released an advisory for their updated Control Maturity Scoring Rubric, which was immediately enforced for the i1 assessment. For any organization undergoing the r2 assessment, the new rubric was enforced on May 1, 2022. This updated rubric assists assessed entities and their external assessors in assessment scoring to ensure they are implementing maturities at an appropriate level.  
Scoring Rubric Key Changes 
The scoring rubric has been updated by HITRUST to provide a more streamlined approach. Designed as a reference aid, this has frequently become a tool that organizations use to determine their scores across the various levels of control maturity. 
Key changes to the HITRUST Control Maturity Scoring Rubric include: 
A reduction in the tiers for Policy and Procedures maturity levels from five to three. Please note the levels of coverage remain the same, ranking from ‘very low’ to ‘very high’. The new tiers are as follows: 
Tier 0 = No documented Policy and/or Procedure 
Tier 1 = Undocumented Policy and/or Procedure 
Tier 2 = Fully documented Policy and/or Procedure  
Organizations will now have to address the illustrative procedures for all of the control requirements and policy statements.  Previously, organizations only addressed the requirements they met. They will now need to go a step further and look at illustrative procedures within the policy and procedure documents to address all elements for that requirement.  
The addition of evaluative elements into the rubric. Organizations are now required to address evaluative elements in the policy document and in the procedure document for every requirement for the policy maturity and procedure maturity. 
In addition to these key changes, HITRUST also made minor adjustments to the scoring rubric. 
HITRUST reformatted the guidance for supporting documentation to qualify as a measure by clarifying the metrics and adding context. 
The timeframe table was revised to note if the information refers to r2 or i1 as previously there was no delineation.  
The addition of the current Bridge Certificate timing guidance into the rubric and sampling guidance as a visual. 
Although guidance was not modified, several sections were removed from the timeframe table in order to streamline the presentation of key timeframes. 
HITRUST added and updated links on the rubric where additional guidance can be located. 
How Organizations Can Prepare 
To ensure organizations aren’t caught off-guard it’s important that they continuously ensure that the controls that could impact their compliance score have been properly implemented. A-LIGN can conduct a HITRUST Gap Assessment to help organizations benchmark the implementation of their controls to the updated scoring rubric to ensure certification will be achieved or maintained. In addition, A-LIGN can help identify any gaps and recommend new controls that will need to be implemented. 
A-LIGN is one of only a few globally recognized cybersecurity and privacy compliance providers that offer a single-provider approach for organizations. A-LIGN is a HITRUST CSF Assessor firm, Qualified Security Assessor Company, Accredited ISO 27001 and ISO 22301 Certification Body, Accredited FedRAMP 3PAO and licensed CPA firm. 
Source: A-lign
0 notes
Text
Oracle Cloud Infrastructure achieves HITRUST...
Oracle Cloud Infrastructure is committed to meeting key regulations and protecting sensitive information. The achievement of HITRUST CSF Certification demonstrates that Oracle is taking information risk management and compliance seriously.
When an organization achieves HITRUST CSF Certification, you can be confident that they have endeavored a comprehensive assessment and validation process and implemented a risk-based approach to security and privacy protection.
Oracle Champions
0 notes
dailytechnologynews · 5 years
Photo
I'm a Managing Consultant who performs HIPAA Compliance and Cybersecurity Audits – AMA about security and how sensitive medical records are handled online!
Hi /r/technology!
My name is Blaise Wabo, and I help organizations ensure that their web infrastructure is secure from cybersecurity threats, especially when compliance requirements are codified in law, as is the case in the healthcare industry. Rapidly changing healthcare and cybersecurity threats are both frequently making news headlines. Considering our country’s growing reliance on web-based solutions for day-to-day services like healthcare, and increasing cybersecurity threats from malefactors, sensitive health data must be handled with the utmost care – per standards such as the HIPAA privacy rule. A lot of changes have gone into effect recently, particularly with HITRUST including:
* CSF v9.2 released Jan 21, 2019
* HITRUST Validated Assessment QA changes effective April 1, 2019
* Interim Assessment changes effective April 1, 2019
We're here to answer any of your questions relating to HIPAA and HITRUST compliance, HIPAA hosting requirements, audit procedures, and cybersecurity.
HIPAA Assessor, Blaise Wabo's bio:
Blaise Wabo is a Senior Manager at A-LIGN focused on performing HIPAA, SOC 1, SOC 2, and HITRUST examinations in various industries including healthcare, SaaS/PaaS/IaaS, payroll, and collections. Blaise holds the following certifications and accreditations: Certified Public Accountant (CPA), Certificate of Cloud Security Knowledge (CCSK), HITRUST Certified CSF Practitioner (HITRUST CCSFP) and Certified Information Systems Auditor (CISA).
About Atlantic.Net:
Atlantic.Net was formed in 1994 and specializes in providing HIPAA Compliant Hosting, Managed Hosting, Dedicated Hosting, Cloud Hosting, and more. We have both domestic and international data center operations, focused on implementing tailored hosting solutions. Atlantic.Net is a global web hosting provider with over 24 years of experience, specializing in Windows, Linux and FreeBSD server hosting. Atlantic.Net provides developer-friendly cloud hosting with a focus on simplifying the experience for users. Additionally, Atlantic.Net offers fully managed environments and security and compliance focused solutions across all its hosting facilities in San Francisco, New York, London, Toronto, Dallas, and Orlando. With a range of certifications and an SSAE 16 (SOC 1) TYPE II (Formerly SAS 70) audited data centers that the company owns and operates, the company is also known for its reliability, as dictated by its 100 percent uptime service-level agreement (SLA). For more information, please visit www.atlantic.net.
About A-LIGN:
A-LIGN is one of a limited number of solution providers that can offer a consolidated approach to information technology and information security audits. A-LIGN is a HITRUST CSF Assessor firm, Qualified Security Assessor Company, Accredited ISO 27001 Certification Body, Accredited FedRAMP 3PAO and licensed CPA firm. With the ability to work with small businesses to the largest of enterprises, A-LIGN leverages its industry expertise to guide organizations towards security, compliance and privacy services that will enhance their information security to prevent cyber threats, and reduce risk, turning their security into a competitive edge. For more information, visit www.A-LIGN.com.
Please Note: I WILL BEGIN ANSWERING QUESTIONS AT 1PM EST ON MAY 16TH.
My Proof: https://twitter.com/BlazeWabo/status/1128710854306869248
0 notes
globalmediacampaign · 4 years
Text
12 things you should know about Amazon DocumentDB (with MongoDB compatibility)
Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads. You can use the same MongoDB 3.6 application code, drivers, and tools to run, manage, and scale workloads on Amazon DocumentDB without having to worry about managing the underlying infrastructure. As a document database, Amazon DocumentDB makes it easy to store, query, and index JSON data. AWS built Amazon DocumentDB to uniquely solve your challenges around availability, reliability, durability, scalability, backup, and more. In doing so, we built several novel and unique capabilities to remove undifferentiated heavy lifting and help reduce costs. This post introduces you to 12 Amazon DocumentDB capabilities you may not be aware of that can help you build and scale your MongoDB workloads on Amazon DocumentDB.

1. Modern, cloud-native architecture

Amazon DocumentDB was built from the ground up with a cloud-native database architecture. Its unique architecture separates storage and compute so that each layer can scale independently. Amazon DocumentDB uses a purpose-built, distributed, fault-tolerant, self-healing storage system that is highly available and durable by replicating data six ways across three AWS Availability Zones (AZs). For more information, see the video AWS re:Invent 2019: Amazon DocumentDB deep dive on YouTube. The following diagram shows the separation of compute and storage in the Amazon DocumentDB architecture and how data is replicated six ways across three AZs.

2. Scale compute in minutes, regardless of data size

Because the storage volume is separated from the compute instances, the compute instances don’t rely on attached storage that is unique to the instance. Each instance in the cluster mounts the distributed storage volume; therefore, when new instances are added, no copying of data is required. That is advantageous to you because you can add an additional replica instance to your cluster or scale up instances in minutes to increase throughput up to millions of reads per second, regardless of data size. Similarly, you can scale down and scale in just as easily, without impacting the performance of your other instances.

3. Automatic, no impact, inexpensive backups

Unlike traditional database architectures, backups aren’t at the compute layer, which can affect database performance. Instead, Amazon DocumentDB backups are handled by the storage layer and are continually streamed to Amazon S3. With Amazon DocumentDB, taking a snapshot doesn’t affect database performance, so you can take snapshots when you need to and avoid impacting the performance of your production database. In Amazon DocumentDB, continuous backup is enabled by default, providing 1 day of point-in-time restore (PITR). You can’t disable backup, and you can increase the backup retention period for PITR to 35 days. Additionally, you can take manual snapshots for long-term archival at any time. To offset the cost of enabling 1 day of backups by default, Amazon DocumentDB doesn’t charge for backup storage of up to 100% of your total cluster storage for a Region. Additional backups cost $0.02/GB per month. Furthermore, because backups happen at the storage layer, not at the compute layer, backups don’t use your compute resource or incur I/O costs.

4. Autoscaling storage and I/Os

When you provision an Amazon DocumentDB cluster, you don’t need to specify how much storage or I/Os you need for your cluster. Amazon DocumentDB uses a unique storage system that automatically scales from 10 GB up to 64 TB of data per cluster in 10 GB increments. Autoscaling of storage and I/Os helps you save time and money by not having to worry about capacity planning or over-provisioning storage infrastructure.

5. Scaling reads on replicas

In Amazon DocumentDB, the storage layer handles data replication and durability. Unlike traditional database architectures, replica instances in Amazon DocumentDB aren’t data bearing and don’t participate in a replication protocol to achieve quorum for durability. As a result, you can scale reads on your replica instances to get more performance from the compute resources you’re paying for and achieve high availability. For more information, see Connecting to Amazon DocumentDB as a Replica Set.

6. Implicit transactions

In Amazon DocumentDB, all CRUD statements (findAndModify, update, insert, delete) guarantee atomicity and consistency, even for operations that modify multiple documents. This behavior is different than MongoDB 3.6, which only provides atomic guarantees for commands that modify a single document. The following code shows example operations in Amazon DocumentDB that modify multiple documents that satisfy both atomic and consistent behaviors:

    // Multiply every element of flight_miles by 2 in all matching documents.
    db.miles.update(
        {"credit_card": {$eq: true}},
        {$mul: { "flight_miles.$[]": NumberInt(2) }},
        { multi: true }
    )

    // The same multi-document update written with updateMany.
    db.miles.updateMany(
        {"credit_card": {$eq: true}},
        {$mul: { "flight_miles.$[]": NumberInt(2) }}
    )

    // The same multi-document update issued as a database command.
    db.runCommand({
        update: "miles",
        updates: [
            {q: {"credit_card": {$eq: true}}, u: {$mul: { "flight_miles.$[]": NumberInt(2) }}, multi: true}
        ]
    })

    // Delete every product whose cost is greater than 30.00.
    db.products.deleteMany( { "cost" : { $gt : 30.00 } } );

    // The same multi-document delete issued as a database command (limit: 0 removes all matches).
    db.runCommand({
        delete: "products",
        deletes: [ {q: { "cost" : { $gt : 30.00 } }, limit: 0 } ]
    })

7. Free DMS for migrations to Amazon DocumentDB

AWS Database Migration Service (DMS) helps you migrate databases to Amazon DocumentDB quickly and securely. You can use AWS DMS for free (for 6 months) to easily migrate your on-premises or EC2 MongoDB databases to Amazon DocumentDB with virtually no downtime. For more information, see AWS Database Migration Service: Free DMS. For more information about migrations, see Migrating to Amazon DocumentDB.

8. Highly durable, single-instance clusters for development and testing

Amazon DocumentDB is highly durable by default. Because the storage handles its durability, and storage isn’t a function of how many instances you have in a cluster, you can create a single-instance cluster that’s still highly durable. Single-instance clusters are useful to save costs for dev and test workloads. For information about reducing costs, see Cost Optimization.

9. Broad set of compliance certifications and security controls

Amazon DocumentDB provides numerous security controls. First, Amazon DocumentDB supports role-based access control (RBAC), so you can create users and attach built-in roles to restrict what operations the user can perform. Amazon DocumentDB is a VPC-only service. Amazon VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources, like an Amazon DocumentDB cluster, in your own virtual network that you define. Amazon DocumentDB allows you to encrypt your databases using keys you create and control through AWS KMS. On a cluster running with Amazon DocumentDB encryption, data stored at rest in the underlying storage is encrypted, as are the automated backups, snapshots, and replicas in the same cluster. By default, connections between a client and Amazon DocumentDB are encrypted-in-transit with TLS. Amazon DocumentDB meets the highest security standards and makes it easy for you to verify AWS security and meet your own regulatory and compliance obligations. Amazon DocumentDB is assessed to comply with PCI DSS, ISO 9001, 27001, 27017, and 27018, SOC 1, 2 and 3, and Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) certification, in addition to being HIPAA eligible. AWS compliance reports are available for download in AWS Artifact.

10. Starting and stopping Amazon DocumentDB clusters

Amazon DocumentDB enables you to stop and start clusters to help save on costs. This makes it easy and affordable to use clusters for development and test purposes where the cluster isn’t required to be running all the time. When you stop a cluster, you bring the compute, and the cost, down to zero. For more information, see Stopping and Starting an Amazon DocumentDB Cluster.

11. Profiling for slow queries

You can use the profiler in Amazon DocumentDB to log the execution time and details of queries performed on your cluster to Amazon CloudWatch Logs. The profiler is useful for monitoring the slowest operations on your cluster to help you improve individual query performance and overall cluster performance. For more information, see Profiling Amazon DocumentDB Operations.

12. Per-second pricing

Amazon DocumentDB instances are billed in 1-second increments. With transparent on-demand pricing and no up-front commitment required, Amazon DocumentDB’s per-second billing provides additional granularity, so you only pay for the capacity you use. For more information, see Amazon DocumentDB (with MongoDB compatibility) pricing.

Summary

As a fully-managed database service, AWS built Amazon DocumentDB to uniquely solve your challenges around availability, reliability, durability, scalability, backup, and more. This post introduced you to 12 Amazon DocumentDB capabilities you may not be aware of that can help you build and scale your MongoDB workloads on Amazon DocumentDB. To get started with Amazon DocumentDB, see Getting Started with Amazon DocumentDB (with MongoDB compatibility); Part 2 – using AWS Cloud9. To learn more about migrating to Amazon DocumentDB, see the migration guide and a demo of a live migration.

About the Authors

Joseph Idziorek is a Principal Product Manager at Amazon Web Services.

Jeff Duffy is a Sr NoSQL Specialist Solutions Architect at Amazon Web Services.

https://probdm.com/site/MjI3ODA
0 notes
accorppartners · 1 year
Text
Demonstrate HITRUST Compliance with Accorp Partners: Achieve audit readiness with our HITRUST assessment services.
0 notes
wowracktechnologies · 5 years
Text
Wowrack Completes SOC 2 Type II / SSAE 18 Audit
Seattle, WA – Wowrack, a Seattle-based global cloud services provider, finally completed and passed the SOC 2 Type II audit. This achievement was verified by an Independent Audit that assessed Wowrack’s Internal Control and Processes. This attestation provides evidence that Wowrack has a strong commitment to deliver high quality services to its clients by demonstrating the necessary internal controls and processes in place.
SOC 2 engagements are based on the AICPA’s Trust Services Criteria. SOC 2 service auditor reports focus on a service organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. KirkpatrickPrice’s service auditor report verifies the suitability of the design and operating effectiveness of Wowrack’s controls to meet the standards for these criteria.
“The SOC2 Type II certification is a crucial achievement for Wowrack as it demonstrates our commitment to Uptime, Security and protecting our customer’s data and Privacy,” said Erward Osckar, Managing Partner at Wowrack. “We treat data very seriously at Wowrack. The SOC2 Type II shows that Wowrack is competent and serious about securing its customers’ data.”
“The SOC 2 audit is based on the Trust Services Criteria. Wowrack has selected the security, availability, and confidentiality categories for the basis of their audit,” said Joseph Kirkpatrick, President of KirkpatrickPrice. “Wowrack delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on Wowrack’s controls.”
About Wowrack
Wow Technologies, Inc. (Wowrack) was founded in 2001 as a customer-centric cloud service provider offering various IT services, including Hosting services, Colocation, Cloud Backup, Managed Services, Disaster Recovery Solutions, and more. Our competency includes infrastructure design, provision, implementation, management, as well as compliance and high traffic web application monitoring that require scalability, fast performing, and secure infrastructure.
Also follow Wowrack on Social Media : Facebook page, Instagram (@wowrack),  LinkedIn, and Twitter 
About KirkpatrickPrice
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to 1,000 clients in more than 48 states, Canada, Asia, and Europe. The firm has more than a decade of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and CFPB frameworks. For more information, visit www.kirkpatrickprice.com, follow KirkpatrickPrice on Twitter (@KPAudit), or connect with KirkpatrickPrice on LinkedIn.
The post Wowrack Completes SOC 2 Type II / SSAE 18 Audit appeared first on Wowrack Blog.
Original Article Posted At: https://ift.tt/38MAwxi
0 notes
terabitweb · 5 years
Text
Original Post from SC Magazine Author: Doug Olenick
Rebecca Wynn Head of Information Security & Data Protection Officer Matrix Medical Network
Why Nominated: Rebecca Wynn is responsible for fortifying Matrix Medical Network’s systems and data against increasingly sophisticated cyberattacks against health care providers, including data breaches, ransomware and IoT medical device exploitation. But her influence doesn’t stop at health care – Wynn boasts a proven track record of securing data and systems across a wide swath of industries, including government, financial services, fintech, information technology, legal, semiconductors and retail.
Profile: Matrix Medical Network (MMN) provides patients across the U.S. access to in-home medical assessments, offering a network of thousands of providers across all 50 states. Since joining the Scottsdale, Ariz.-based company in March 2017, it’s been Wynn’s job to ensure that Matrix’s enterprise systems are safeguarded at all times, that sensitive customer and business data remains inaccessible to unauthorized parties and that the company meets compliance requirements for such standards as SOX, HIPAA, HITECH and HITRUST CSF.
But Wynn’s contributions extend beyond the mere walls of MMN. In 2018 and 2019 alone, Wynn and her teachings have been featured in at least 18 speaking engagements and 15 publications. Recent credits include a “Nation-State Security Trends Report” whitepaper, the whitepaper “Implementing a Risk-Based Cyber Security Framework,” and a keynote address at FutureCon in Phoenix, Arizona.
Wynn has over 17 years of experience in information security and related fields. A past SC Media “Women in Security” and “Reboot” honoree, she was also named as the 2017 Cybersecurity Professional of the Year by the Cybersecurity Excellence Awards, and a Women in Technology Business Role Model of the Year finalist in 2018.
What colleagues say: “Rebecca is hands down one of the most dedicated and informed cybersecurity professionals I’ve worked with. She has a unique skill set that allows her to communicate across all layers within an organization any potential risks. She develops tactical action plans to mitigate risks and then delivers those plans with a focus on exceeding governance and regulatory guidelines…She challenges herself and her team to approach waste and non-value-add removal in innovative ways.” – JoAnna Velez, director, continuous improvement at Blue Cross of Idaho Boise, and former director of operational excellence at Matrix Medical Network
The post Rebecca Wynn – Matrix Medical Network appeared first on SC Media.
0 notes
cybercrest · 1 year
Text
HITRUST CSF Certification is required for many organizations in the healthcare industry that handle Protected Health Information (PHI). With CyberCrest’s proven methodology and expertise, your organization can achieve and continuously maintain HITRUST compliance with our readiness assessment services, validated assessment support services, and comprehensive remediation services.
ericvanderburg · 5 years
HITRUST issues guidance for relying on work of internal audit departments in CSF assessments
http://i.securitythinkingcap.com/RD9Z3n
techreddit · 5 years
Hi /r/technology!

My name is Blaise Wabo, and I help organizations ensure that their web infrastructure is secure from cybersecurity threats, especially when compliance requirements are codified in law, as is the case in the healthcare industry. Rapidly changing healthcare and cybersecurity threats are both frequently making news headlines. Considering our country’s growing reliance on web-based solutions for day-to-day services like healthcare, and increasing cybersecurity threats from malefactors, sensitive health data must be handled with the utmost care – per standards such as the HIPAA privacy rule. A lot of changes have gone into effect recently, particularly with HITRUST, including:

* CSF v9.2 released Jan 21, 2019
* HITRUST Validated Assessment QA changes effective April 1, 2019
* Interim Assessment changes effective April 1, 2019

We're here to answer any of your questions relating to HIPAA and HITRUST compliance, HIPAA hosting requirements, audit procedures, and cybersecurity.

HIPAA Assessor, Blaise Wabo's bio:

Blaise Wabo is a Senior Manager at A-LIGN focused on performing HIPAA, SOC 1, SOC 2, and HITRUST examinations in various industries including healthcare, SaaS/PaaS/IaaS, payroll, and collections. Blaise holds the following certifications and accreditations: Certified Public Accountant (CPA), Certificate of Cloud Security Knowledge (CCSK), HITRUST Certified CSF Practitioner (HITRUST CCSFP) and Certified Information Systems Auditor (CISA).

About Atlantic.Net:

Atlantic.Net was formed in 1994 and specializes in providing HIPAA Compliant Hosting, Managed Hosting, Dedicated Hosting, Cloud Hosting, and more. We have both domestic and international data center operations, focused on implementing tailored hosting solutions. Atlantic.Net is a global web hosting provider with over 24 years of experience, specializing in Windows, Linux and FreeBSD server hosting. Atlantic.Net provides developer-friendly cloud hosting with a focus on simplifying the experience for users. Additionally, Atlantic.Net offers fully managed environments and security and compliance focused solutions across all its hosting facilities in San Francisco, New York, London, Toronto, Dallas, and Orlando. With a range of certifications and SSAE 16 (SOC 1) TYPE II (formerly SAS 70) audited data centers that the company owns and operates, the company is also known for its reliability, as dictated by its 100 percent uptime service-level agreement (SLA). For more information, please visit www.atlantic.net.

About A-LIGN:

A-LIGN is one of a limited number of solution providers that can offer a consolidated approach to information technology and information security audits. A-LIGN is a HITRUST CSF Assessor firm, Qualified Security Assessor Company, Accredited ISO 27001 Certification Body, Accredited FedRAMP 3PAO and licensed CPA firm. With the ability to work with small businesses to the largest of enterprises, A-LIGN leverages its industry expertise to guide organizations towards security, compliance and privacy services that will enhance their information security to prevent cyber threats, and reduce risk, turning their security into a competitive edge. For more information, visit www.A-LIGN.com.

Please Note: I WILL BEGIN ANSWERING QUESTIONS AT 1PM EST ON MAY 16TH.

My Proof: https://twitter.com/BlazeWabo/status/1128710854306869248

via /r/technology
studyblxg · 6 years
Paubox Achieves HITRUST CSF® Certification to Manage Risk, Improve Security Posture and Meet Compliance Requirements
As we’ve mentioned a number of times – at Paubox we take securing your data seriously and it’s embedded into our company culture.
Which is why we are very proud to have Paubox Encrypted Email, Secure Email API, Email DLP Suite and Inbound Security products achieve HITRUST CSF Certified status.
HITRUST CSF Certified status demonstrates that our solutions have met key regulatory requirements and industry-defined requirements and are appropriately managing risk.
This achievement places Paubox in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
At this time we believe Paubox to be the only HIPAA compliant email provider to have their solution achieve HITRUST CSF Certified status.
“Our customers are trusting us to meet complex compliance requirements such as HIPAA, NIST, ISO and COBIT,” said Hoala Greevy, Founder CEO of Paubox. “The HITRUST CSF is the gold-standard that needs to be met, and we are very pleased to be able to demonstrate our commitment by achieving HITRUST CSF Certification for our systems.”
“The HITRUST CSF has become the information protection framework for the health care industry, and the CSF Assurance program is bringing a new level of effectiveness and efficiency to third-party assurance,” said Ken Vander Wal, Chief Compliance Officer, HITRUST. “The HITRUST CSF Certification is now the benchmark that organizations required to safeguard PHI are measured against with regards to information protection.”
You can read more about our HITRUST journey in these posts.
About HITRUST
Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain.
In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.
The post Paubox Achieves HITRUST CSF® Certification to Manage Risk, Improve Security Posture and Meet Compliance Requirements appeared first on Paubox.
Source: https://www.paubox.com/blog/paubox-achieves-hitrust-csf-certification
myrcurial · 7 years
TwitterFeed
We just published CCM Mappings to Shared Assessments 2017 AUP, PCI DSS v3.2, CIS-AWS-Foundation v1.1, HITRUST CSF v8.1, NZISM v2.5. We updated CAIQ as well. @cloudsa pic.twitter.com/jFIYufOOUl
— J.R. Santos (@CSAResearchGuy) October 24, 2017