Discovering what’s missing: HIPAA, Sarbanes-Oxley and ISO 17799 / 27001 gap analysis

As its name suggests, a gap analysis looks at where something is missing in how you go about your work. We’re here to guide you through plugging those gaps.

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 – is legislation that’s in place to ensure any information about healthcare patients is confidential. Its legal requirements apply to any records from which a person can be identified, stored in any electronic way.

By adopting a system of administrative simplification, we can make use of sub-sections on privacy and security of patient data which set out the need for standards in safeguarding for physical data storage and its maintenance.

Sarbanes-Oxley – stipulates that a chief executive officer and a chief financial officer must sign-off as to the integrity of a company’s financials, including internal controls.

It is in place as a check which makes sure upper-level management take a personal interest in making sure that appropriate security controls are in place.

ISO 17799 / 27001 – are information security management systems. In other words, it’s a recognized way of managing sensitive information and keeping it secure as it passes through people, processes and IT systems.

To fulfill your HIPAA, Sarbanes-Oxley and ISO 17799 needs, we’ll work with you to:

  • Review your current information security policy and information security management system
  • Conduct a risk assessment workshop
  • Develop appropriate control objectives for the security of your data, which we call a statement of applicability
  • Review the controls which are put in place through an audit made up of interviews, observations and inspections
  • Prepare and conduct a workshop about the information security management status and findings
  • Prepare a final report with recommendations for improvement and options for implementation – in other words, filling the gaps!

This solution will provide you with an independent, expert assessment of what you need to do to make your company’s data compliant. We’re here to guide you to a safer future.