The Schellman Blog

Many cloud service providers (CSPs) are not fully addressing the database scanning requirements for FedRAMP and have questions related to database security and FedRAMP. This article details the issues associated with not meeting the database scanning requirement, the most common reasons why this occurs, what can be done to improve this and what to consider with database security beyond scanning.

Security is vital to the healthcare industry. Thirteen percent of CIOs, CTOs and CSOs reported being targeted by external threat attempts almost once a day, and 12 percent reported about two or more attacks per week. Furthermore, 16 percent of healthcare organizations admitted they are unable to detect in real time if their systems are compromised.

As larger players in the healthcare industry like Anthem, Humana, and UnitedHealth Group begin to embrace the HITRUST Common Security Framework (CSF) in an attempt to manage the ever-evolving compliance landscape, the desire for HITRUST certification has increased exponentially. However, for many organizations the road to certification is a long one.

Healthcare service providers are being told that they must begin their HITRUST Validated Assessment process soon, especially to meet the 2017 deadline for HITRUST Certification. The looming deadline and the lack of familiarity with the validation process are causing some fear. But have no fear! This article will provide guidance on the process and the necessary information needed to navigate the Validated Assessment process and obtain certification.

As organizations grow and expand their client base, especially in regulated or security-conscious industries, the demand for third-party assurance has never been higher. It’s common to be faced with requests for both an ISO 27001 certification and a SOC 2 report, but you may be wondering if they are really different. Companies often ask, “can my ISO 27001 certification cover what’s needed for SOC 2?” or “do I really need both?”

With growing scrutiny in healthcare and a record number of breaches increasing at an alarming rate, healthcare organizations are taking preventive measures in order to avoid breaches and possible fines. However, healthcare organizations are confused on what measures they need to take in order to protect healthcare information.

Surprisingly, business leaders—not IT departments—are the driving force behind six out of 10 migrations to the cloud. These leaders are often bothered by the nagging question, “Is the cloud secure?” This question is usually followed by a series of debates about just how secure the cloud is.

[NOTE: Schellman has since updated this content in a more recent article.] Think of your auditing firm like you would a long-term business partner. They are someone you will work with year after year, and they will be an integral part of setting the stage for your organization’s success. As such, the act of selecting the appropriate assessor shouldn’t be taken lightly. Here are several key qualities your organization should look for when choosing an auditing firm: