The gap analysis is an audit that is focused on identifying appropriate implementation of HIPAA, Sarbanes-Oxley or ISO17799 and outlining the improvements required to achieve this. HIPAA intends to ensure patient confidentiality for all health care related information. The requirements of HIPAA apply to any entity storing and/or transmitting patient identifiable information on electronic media. The key element of Administrative Simplification includes sub-sections on the privacy and security of patient data that mandate standards in safeguards for physical storage & maintenance, transmission, and access to individual health information. Sarbanes-Oxley mandates that the CEO and CFO sign off on the integrity of a company’s financials (including internal controls). In essence this requires that upper-level management take a personal interest in making sure security controls are in place. ISO 17799 describes an Information Security Management System (ISMS), a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems. The components of this offering are:
- Review Information Security Policy, and current Information Security Management System
- Conduct a Risk Assessment Workshop
- Develop the appropriate control objectives (Statement of Applicability)
- Review controls through Audit (interview, observation, inspection)
- Prepare and conducts Information Security Management status report & findings workshop
- Prepare Final report with recommendations for improvement and options for implementation of HIPAA, Sarbanes-Oxley or ISO17799
This solution provides an independent, expert assessment of the gap between current Information Security Management System and an implementation of a HIPAA, Sarbanes-Oxley or ISO17799 compliant solution, appropriate to the customer’s organization.