ControlCase CSO Kishor Vaswani and HITRUST VP of Adoption Mike Parisi take a deep dive into HITRUST.
This webinar covers the basics of HITRUST and introduces the new assessment types: the HITRUST Basic (bC) Assessment, the HITRUST i1 Validated Assessment and the HITRUST r2 Validated Assessment.
The webinar agenda includes the following:
- What is HITRUST
- What is HITRUST CSF?
- What are the HITRUST Implementation levels?
- What are the HITRUST Domains?
- What is a HITRUST Report?
- What is the HITRUST bC Assessment?
- What is the HITRUST i1 Assessment?
- What is the HITRUST r2 Assessment?
- What can go wrong with a HITRUST Assessment?
- ControlCase methodology for HITRUST Compliance
HITRUST CSF is a standard built upon other standards and authoritative sources relevant to the information security & privacy industry. The HITRUST CSF:
- Harmonizes existing controls and requirements from standards, regulations, business and third-party requirements.
- Incorporates both compliance and risk management principles
- Defines a process to effectively and efficiently evaluate compliance and security risk
This deck will provide an in-depth review of the SOC 2 report objectives, updated from 2015, discuss structure and areas to focus on, and share lessons learned from Schellman's extensive SOC 2 experience.
Here is a brief description of cybersecurity audits and best practices for them. To learn more about cybersecurity audits and information security management, click here: https://www.eccouncil.org/information-security-management/
SOC-2 Compliance Status Report sample v10.0 - Mark S. Mahre
An effective way to communicate with stakeholders, executive sponsors and project team members; I use this status report format on a bi-monthly basis.
What is GRC – Governance, Risk and Compliance - BOC Group
A simple guide to learn what Governance, Risk and Compliance (GRC) is all about, why it’s important and how you can use it to help drive enterprise objectives.
For more information visit: https://www.boc-group.com/governance-risk-and-compliance/
ControlCase covers the following:
- What does SOC stand for?
- What is SOC 2 compliance?
- What is SOC 2 certification?
- What is a SOC 2 report?
- Who can perform a SOC 2 audit?
- How do managed service providers comply with SOC 2?
- How to lower cost of SOC 2 audit?
- ControlCase methodology for SOC 2 compliance
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032 - PECB
The webinar covers:
• An overview of cybersecurity
• The relationship between cybersecurity and other types of security
• Guidance for addressing common cybersecurity issues
• Convincing stakeholders to collaborate on resolving cybersecurity issues
Presenter:
This webinar was presented by PECB Partner and Trainer Mr. Fabrice DePaepe, who is Managing Director at Nitroxis Sprl and has more than 15 years of experience in IT and Information Security.
Link of the recorded session published on YouTube: https://youtu.be/fQUSQEoLsYc
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for cybersecurity attacks sits with executives and board members, who may not have the right level of technical security knowledge. This session will outline the practical steps executives can take to implement a cybersecurity roadmap that is aligned with the organisation's strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Introduction to Risk Management via the NIST Cyber Security Framework - PECB
The cyber security profession has established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlights opportunities for expanded application to cyber, physical, and personnel security risks. The NIST CSF can help practitioners build a cross-pollinated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, security systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the FBI's InfraGard program. David holds the Certified Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Specializing in Homeland Security, Andrea draws on her experience managing projects that supported various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record of recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel at the tactical, operational and strategic levels. Andrea applies analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies for risk and its elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
Enterprise Security Architecture for Cyber Security - The Open Group SA
Cyber Security is one of the major challenges facing organisations within all industries. This presentation will examine the integration of an Enterprise Architecture approach with an Enterprise Security Architecture approach (TOGAF and SABSA) and propose a generic framework.
Download this presentation at http://opengroup.co.za/presentations
Summarizes the design and build approach for a SOC (Security Operations Center) for both end-user companies and service providers. Defines the approach flow for building a SOC and the various components and phases involved, along with design rules of thumb and parameters for SOC design.
HITRUST: Navigating to 2017, Your Map to HITRUST Certification - Schellman & Company
Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity, increase efficiency and better manage medical expenses.
The HITRUST Common Security Framework (CSF) was developed to address the myriad security, privacy and regulatory challenges facing healthcare organizations and their sub-service providers. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the CSF helps organizations address these challenges through a comprehensive framework of prescriptive and scalable security controls.
The Lawrbit Compliance Audit Management Solution bundles regulatory intelligence and technology into a single framework to help audit and consulting firms ensure auditors are aware of all provisions of the laws applicable to their clients, and to automate the regulatory audit process.
Integrating technology solutions into the compliance audit process lets auditors reap maximum benefit by adopting best practices, reducing errors and costs, and improving efficiency and ROI. The auditor can manage a wide range of audit-related activities, data and processes through a single, comprehensive framework.
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data entrusted to them. Every network is vulnerable to some form of attack. However, it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice, will be joined by Partner Michael Hoffner to lead a discussion on a Cybersecurity Risk Management Program: what it is and how it can prepare your organization for the future.
Why a Risk Assessment is NOT Enough for HIPAA Compliance - Compliancy Group
A common misconception is that “a risk assessment makes me HIPAA compliant.” Sadly, this belief can cost your practice more than taking no action at all. A risk assessment is a requirement for HITECH under Meaningful Use Core Measure 15, but it does NOT make you HIPAA compliant. Furthermore, it can place you in the category of willful neglect and expose your organization to the next level of fines.
Join industry experts to find out how you achieve Meaningful Use, HITECH and HIPAA compliance while protecting your practice. Don’t miss this webinar, it could be the biggest message you receive all year!
How to Interpret and Plan for the 2014 CMS CEHRT Rule - Iatric Systems
* Flexibility Plan 2014 and what we know
* Mickey Waters, IT Director at Conway Medical Center – Why he chose to take advantage of the rule
* Lyndel Mead, RN, MSN, Clinical Informatics Coordinator at Peterson Regional Medical Center – Why he chose not to take advantage of the rule
* Making the best decision for your organization
* How to get personalized, expert MU advice
Navigating Trust: The Essentials of Background Verification for Credible Deci... - TraQSuite
Background verification, also known as background screening or background checks, is the process of investigating and verifying the accuracy of an individual's personal, professional, educational, and sometimes criminal history. Employers, landlords, financial institutions, and various organizations often conduct background verifications to assess the credibility, reliability, and suitability of individuals for specific roles or responsibilities.
Efficient, Secure, and Tailored Background Verification Solutions - TraQSuite
Introduction: In an era where trust and reliability are paramount, businesses increasingly use advanced background verification solutions. This guide delves into the essentials of efficient, secure, and tailored background verification, providing insights into the crucial aspects contributing to a trustworthy and robust verification process.
Performing One Audit Using Zero Trust Principles - ControlCase
In this 45 minute webinar ControlCase, TAG Cyber & Evolve MGA cover the following:
- Introductions – ControlCase, Tag Cyber & Evolve MGA
- What has current cyber security research uncovered so far?
- What are Zero Trust Principles?
- How can Zero Trust Principles be implemented in remote working environments?
- Cyber insurance for modern day exposures
Security Framework for Digital Risk Management - Securestorm
A cyber security governance framework and digital risk management process for OFFICIAL environments in UK Government. A pragmatic and proportional information risk management process which can be used at speed, and is compatible with Agile projects. This is released under a Creative Commons; Attribution-Non Commercial-Share Alike 4.0 International License.
Secrets for Successful Regulatory Compliance Projects - Christopher Foot
RDX teams up with MegaplanIT, a nationally known PCI Qualified Security Assessor, to provide strategies and best practices that can be used to adhere to all regulatory compliance frameworks.
The presentation begins with a quick overview of the most popular industry standards and regulatory requirements. MegaplanIT continues with a deep dive into the 12 PCI DSS requirements and discusses risk assessment key considerations.
RDX then follows with a discussion on AICPA's SOC 1, SOC 2 and SOC 3 compliance frameworks and 5 Trust Principles. RDX finishes the webinar by sharing numerous helpful hints, tips and best practices for implementation and ongoing adherence.
A link to a video of the presentations is provided on the last slide.
This research sets out SQA's assessment and quality assurance principles, elements and criteria.
How SQA monitors the way a center carries out its responsibilities depends on the type of center and the type of qualification being offered.
The most important objective of SQA’s assessment and quality assurance principles and procedures is to ensure that assessment of SQA
Developing its policy on assessment and quality assurance was one of the first tasks undertaken by all the engineers. They inherited policies and procedures from its predecessor bodies, and these had to be integrated. It also had to take account of decisions already made in relation to the new Higher Still provision.
SQA works in partnership with centers to ensure that all of its qualifications are subject to rigorous quality assurance, and has now drawn up a number of quality assurance principles to maximize the effectiveness of that partnership.
Specific elements of quality assurance are based on these principles, and each element consists of a number of criteria. The elements and criteria are designed to ensure that all SQA qualifications are assessed to national standards.
By reading this publication, staff in centers should develop an understanding of the criteria and of the ways we can work together to ensure that all SQA qualifications continue to meet the requirements of the engineers.
What problems exist between IT security and cyber insurance?
Correlation between cyber maturity and cyber insurance
Why is this urgent?
What you can do today to reduce risk
2022 Webinar - ISO 27001 Certification.pdf - ControlCase
ControlCase Introduction
What is ISO 27001?
What is ISO 27002?
What is ISO 27701, ISO 27017, & ISO 27018?
What is an ISMS?
What is ISO 27001 Certification?
Who Needs ISO 27001?
What is Covered in ISO 27001?
How Many Controls in ISO 27001?
What is the ISO 27001 Certification Process?
How Often Do You Need ISO 27001 Certification?
What are the Challenges to ISO 27001 Compliance?
Why ControlCase?
Hosted by ControlCase and the PCI Security Standards Council, this 45-minute webinar will cover:
History of PCI DSS (including current version 3.2)
PCI DSS v4.0 High-Level Changes
PCI DSS v4.0 Timeline
Deep Dive into notable changes:
Promote Security as a Continuous Process
Increased Flexibility and Customized Approach
Increased Alignment between PCI ROC and PCI SAQ
Keep up with the security needs of the Payment Industry and landscape (such as MFA/phishing, etc.)
ControlCase Methodology for v4.0
Q&A
In this deck ControlCase will discuss the following:
What is CMMC 2.0?
Who does CMMC 2.0 apply to?
What is the accreditation body (CMMC-AB)?
What is a CMMC Third Party Organization (C3PAO)?
What does CMMC mean for Cybersecurity?
What are the CMMC certification levels?
How often is CMMC needed?
CMMC and NIST
What is the CMMC Assessment process?
ControlCase covers the following:
- What is CMMC?
- Who does CMMC apply to?
- What is the accreditation body (CMMC-AB)?
- What is a CMMC Third Party Organization (C3PAO)?
- What does CMMC mean for Cybersecurity?
- What are the CMMC certification levels?
- How often is CMMC needed?
- CMMC and NIST
- What is the CMMC Assessment process?
Click Here to visit the FedRAMP blog - https://www.controlcase.com/what-is-fedramp/?utm_source=webinar&utm_campaign=webinar
Click Here for FedRAMP Compliance Checklist - https://www.controlcase.com/fedramp-checklist-lp/?utm_source=webinar&utm_campaign=webinar
ControlCase covers the following:
- What is FedRAMP?
- What is FedRAMP Marketplace?
- Who does FedRAMP apply to?
- How hard is it to get FedRAMP certified?
- How long does the FedRAMP process take?
- How to get FedRAMP certified?
- ControlCase methodology for FedRAMP compliance
ControlCase covers the following:
•What is PCI DSS?
•What does PCI DSS stand for?
•What is the purpose of PCI DSS?
•Who does PCI DSS apply to?
•What are the 12 requirements of PCI DSS?
•What are the 6 Principles of PCI DSS?
•What are the potential liabilities for not complying with PCI DSS?
•How can we achieve compliance in a cost effective manner?
OneAudit™ - Assess Once, Certify to Many - ControlCase
ControlCase covers the following:
•About PCI DSS, ISO 27001, NERC, HIPAA, and FISMA
•Best Practices and Cloud Implications for Comprehensive Compliance within IT Standards/Regulations
•Challenges in the Comprehensive Compliance Space
ControlCase discusses the following:
• About the different Regulations
• Components for Continuous Compliance Monitoring within IT Standards/Regulations
• Recurrence Frequency and Calendar
• Challenges in Continuous Compliance Monitoring
Managing Multiple Assessments Using Zero Trust Principles - ControlCase
ControlCase discusses the following:
•What is “One Audit” for multiple assessments
•Current Research
•Zero Trust Principles for IT security
•Remote Assessment Methodology
ControlCase discusses the following:
•About the cloud
•About PCI DSS
•PCI DSS in the cloud
•How to keep sensitive data secure as you move to the cloud
•Q&A
Vendor Management for PCI DSS, HIPAA, and FFIEC - ControlCase
ControlCase covers the following:
•Requirements for PCI DSS, HIPAA, Business Associates, FFIEC and Banking Service Providers
•What is Vendor Management
•Why is Continual Compliance a challenge in Vendor Management
•How to mix technology and manual processes for effective Vendor Management
Putting the SPARK into Virtual Training.pptx - Cynthia Clay
This 60-minute webinar, sponsored by Adobe, was delivered for the Training Mag Network. It explored the five elements of SPARK: Storytelling, Purpose, Action, Relationships, and Kudos. Knowing how to tell a well-structured story is key to building long-term memory. Stating a clear purpose that doesn't take away from the discovery learning process is critical. Ensuring that people move from theory to practical application is imperative. Creating strong social learning is the key to commitment and engagement. Validating and affirming participants' comments is the way to create a positive learning environment.
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ... - BBPMedia1
In this presentation, Marvin walks you through the advantages of non-endemic advertising on retail media networks. He also maps out the challenges the market currently faces in retail media for non-suppliers.
Retail media is seen as the new advertising medium, and media agencies are setting up retail media departments en masse. Brands that are not stocked in the retailer's stores are not yet lining up to advertise on retail media networks. Marvin highlights the challenges involved in genuinely connecting with that non-endemic advertising market.
Digital Transformation and IT Strategy Toolkit and Templates - Aurelien Domont, MBA
This Digital Transformation and IT Strategy Toolkit was created by ex-McKinsey, Deloitte and BCG Management Consultants, after more than 5,000 hours of work. It is considered the world's best & most comprehensive Digital Transformation and IT Strategy Toolkit. It includes all the Frameworks, Best Practices & Templates required to successfully undertake the Digital Transformation of your organization and define a robust IT Strategy.
Editable Toolkit to help you reuse our content: 700 Powerpoint slides | 35 Excel sheets | 84 minutes of Video training
This PowerPoint presentation is only a small preview of our Toolkits. For more details, visit www.domontconsulting.com
Unveiling the Secrets: How Does Generative AI Work.pdf - Sam H
At its core, generative artificial intelligence relies on generative models, which act as engines that produce entirely new data resembling their training data. It is like a sculptor who has studied many forms found in nature and then uses this knowledge to create sculptures from imagination that have never been seen before. Translated to cyberspace, GANs (generative adversarial networks) work in much the same way.
Discover the innovative and creative projects that highlight my journey throu... - dylandmeas
Discover the innovative and creative projects that highlight my journey through Full Sail University. Below, you’ll find a collection of my work showcasing my skills and expertise in digital marketing, event planning, and media production.
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...BBPMedia1
Grote partijen zijn al een tijdje onderweg met retail media. Ondertussen worden in dit domein ook de kansen zichtbaar voor andere spelers in de markt. Maar met die kansen ontstaan ook vragen: Zelf retail media worden of erop adverteren? In welke fase van de funnel past het en hoe integreer je het in een mediaplan? Wat is nu precies het verschil met marketplaces en Programmatic ads? In dit half uur beslechten we de dilemma's en krijg je antwoorden op wanneer het voor jou tijd is om de volgende stap te zetten.
Buy Verified PayPal Account | Buy Google 5 Star Reviewsusawebmarket
Buy Verified PayPal Account
Looking to buy verified PayPal accounts? Discover 7 expert tips for safely purchasing a verified PayPal account in 2024. Ensure security and reliability for your transactions.
PayPal Services Features-
🟢 Email Access
🟢 Bank Added
🟢 Card Verified
🟢 Full SSN Provided
🟢 Phone Number Access
🟢 Driving License Copy
🟢 Fasted Delivery
Client Satisfaction is Our First priority. Our services is very appropriate to buy. We assume that the first-rate way to purchase our offerings is to order on the website. If you have any worry in our cooperation usually You can order us on Skype or Telegram.
24/7 Hours Reply/Please Contact
usawebmarketEmail: support@usawebmarket.com
Skype: usawebmarket
Telegram: @usawebmarket
WhatsApp: +1(218) 203-5951
USA WEB MARKET is the Best Verified PayPal, Payoneer, Cash App, Skrill, Neteller, Stripe Account and SEO, SMM Service provider.100%Satisfection granted.100% replacement Granted.
Affordable Stationery Printing Services in Jaipur | Navpack n PrintNavpack & Print
Looking for professional printing services in Jaipur? Navpack n Print offers high-quality and affordable stationery printing for all your business needs. Stand out with custom stationery designs and fast turnaround times. Contact us today for a quote!
Business Valuation Principles for EntrepreneursBen Wann
This insightful presentation is designed to equip entrepreneurs with the essential knowledge and tools needed to accurately value their businesses. Understanding business valuation is crucial for making informed decisions, whether you're seeking investment, planning to sell, or simply want to gauge your company's worth.
2. 2
www.ControlCase.com | www.HITRUSTAlliance.net | 855.HITRUST (855.448.7878)
AGENDA
• INTRODUCTIONS
• ABOUT CONTROLCASE
• WHAT IS HITRUST?
• WHAT ARE THE OBJECTIVES OF HITRUST?
• WHAT IS HITRUST CSF?
• KEY COMPONENTS OF THE HITRUST CSF ASSURANCE PROGRAM
• WHAT ARE THE HITRUST DOMAINS
• HITRUST PRESENTATION
• CONTROLCASE METHODOLOGY FOR HITRUST
• HITRUST RESULTS DISTRIBUTION SYSTEM
• Q&A
3. 3
ABOUT CONTROLCASE
HITRUST EXTERNAL ASSESSOR SINCE 2014
Dramatically cut the time, cost and burden of becoming certified and maintaining IT compliance.
• Demonstrate compliance more efficiently and cost effectively (cost certainty)
• Improve efficiencies: do more with fewer resources and gain compliance peace of mind
• Free up your internal resources to focus on their priorities
• Offload much of the compliance burden to a trusted compliance partner
50+ | 15+ | 200+
HITRUST CLIENTS | HITRUST CERTIFICATIONS GLOBALLY | HITRUST EXTERNAL ASSESSORS
4. 4
WHAT IS HITRUST?
Founded in 2007 to help companies safeguard sensitive data and manage risk.
Established a certifiable framework for organizations that create, access, store or exchange personal health and financial information to implement and be certified against.
Born out of the belief that information security is critical to the broad adoption, utilization and confidence in health information systems, medical technologies and electronic exchanges of health information.
5. 5
WHAT ARE THE OBJECTIVES OF HITRUST?
HITRUST aims to establish a fundamental and holistic change in the way organizations manage information security risk by:
• Rationalizing regulations and standards into a single overarching framework tailored for each organization.
• Delivering a prescriptive, scalable and certifiable process.
• Addressing inconsistent approaches to certification, risk acceptance and adoption of compensating controls, to eliminate ambiguity in the processes.
• Enabling cost-effective monitoring of compliance with organizational, business partner and governmental requirements.
• Providing support and facilitating the sharing of ideas, feedback and experiences within the industry.
• Establishing trust between organizations.
• Developing an approach for the practical, efficient and consistent adoption of security by organizations across multiple industries.
6. 6
WHAT IS THE HITRUST CSF?
HITRUST CSF
The HITRUST CSF is a certifiable framework built upon other standards and authoritative sources relevant to the healthcare industry.
• Harmonizes the requirements of existing standards and regulations: HIPAA, SOC, GDPR, ISO 27001, NIST 800-53, etc.
• Allows organizations to tailor their security control baselines based on their specific information security requirements.
• Incorporates both compliance and risk management principles.
• Defines a process to effectively and efficiently evaluate compliance and security risk.
• Supports HITRUST Certification.
7. 7
KEY COMPONENTS OF THE CSF ASSURANCE PROGRAM
STANDARDIZED TOOLS & PROCESSES
Questionnaire
• Focus assurance dollars to efficiently assess risk exposure
• Measured approach based on risk and compliance
• Ability to escalate assurance level based on risk
Report
• Output that is consistently interpreted across the industry
RIGOROUS ASSURANCE
• Multiple assurance options based on risk
• Quality control processes to ensure consistent quality and output across HITRUST External Assessors
• Streamlined and measurable process within the HITRUST MyCSF tool
• End user support
8. 8
WHAT ARE THE HITRUST DOMAINS?
1. Information Protection Program
2. Endpoint Protection
3. Portable Media Security
4. Mobile Device Security
5. Wireless Security
6. Configuration Management
7. Vulnerability Management
8. Network Protection
9. Transmission Protection
10. Password Management
11. Access Control
12. Audit Logging & Monitoring
13. Education, Training and Awareness
14. Third Party Assurance
15. Incident Management
16. Business Continuity & Disaster Recovery
17. Risk Management
18. Physical & Environmental Security
19. Data Protection & Privacy
10. 10
Learning Objectives
• Why the Need for Information Protection Assurances
• Not all Assurances are Created Equal
• New HITRUST Assessment Portfolio
• The Inefficient Method of Authenticating, Requesting, Sharing, and Analyzing Assessment Results
• New HITRUST Results Distribution System
11. 11
Why the Need for Quality Information Protection Assurances
Assessed Entities Need…
• To provide credible and reliable information risk management assurances to internal and external stakeholders and relying parties:
  • Board of Directors
  • Management
  • Customers
  • Regulators
  • Shareholders and Investors
  • Cyber Insurers
• To stop wasting time performing duplicative assessments and filling out proprietary questionnaires they receive from customers
• To save time and money in performing assessments
Relying Parties Need…
• Assurance results they can actually rely upon
• Understanding of the suitability of the controls
• Full transparency on how the controls were scored and evaluated
• Consistency in testing and evaluation, so that different assessors reviewing the same evidence would come to the same result/conclusion
• Elimination of subjectivity or variability, to bring integrity to the report
• Increased levels of impartiality from a centralized quality assurance program over independent auditors
• To send proprietary questionnaires to their vendors asking for the specific information they need in the absence of a reliable report
• To effectively manage third-party risk across hundreds or thousands of vendors in the most efficient way
12. 12
[Chart: THE LANDSCAPE OF INFORMATION PROTECTION ASSESSMENTS. X-axis: SUITABILITY OF INFORMATION PROTECTION CONTROLS CONSIDERED (Low / Medium / High). Y-axis: RIGOR OF ASSESSMENT APPROACH & ASSURANCE PROGRAM (Low / Medium / High).]
Rows, by rigor of assessment approach:
• Self-Assessment with No Outside QA
• Third-Party Assessment with Some Level of QA & Final Report Issued by Assessor
• Third-Party Assessment, often with Certification Body QA Review and Final Report
Grid cell descriptions (cell positions not recoverable from the slide text):
• Self-selected controls with limited depth and breadth; ad hoc scoping approach often uses a simple Yes/No checklist
• Industry recognized controls and good hygiene practices; may use a risk-based, targeted approach
• Industry recognized controls selection with greater depth; ad hoc scoping approach may not be risk-based
• Greater number of controls; approach is more prescriptive and comprehensive
• Limited controls; formal maturity model; Certification Body report
• Greater number of controls; robust approach based on formal maturity model; Certification Body report
• Greater number of targeted and prescriptive controls for Authoritative Sources; comprehensive, prescriptive scope based on formal maturity model
• Robust, comprehensive, prescriptive controls; consistent methodology and reliable approach to meet regulations; Certification Body report
Produces Varying Levels of Assurance, based on…
• Suitability of information protection controls
• Rigor of assessment approach and assurance program
KEY (Level of Controls / Approach / Certification Body Report / Impartiality / QA & Review): Self; Self & Assessor; Self/Assessor/Cert Body
13. 13
[Chart: ASSURANCE LEVELS ARE CORRELATED WITH CONTROLS CONSIDERED, RIGOR OF ASSESSMENT APPROACH, AND EFFORT. Axes: SUITABILITY OF INFORMATION PROTECTION CONTROLS CONSIDERED; RIGOR OF ASSESSMENT APPROACH & ASSURANCE PROGRAM; Level of Effort.]
Characteristics of Each
High Level Assurances
• Robust control requirements
• Comprehensive and prescriptive
• Formal risk-based maturity model
• Validation by third party and QA by certifying body
Moderate Level Assurances
• Industry-recognized targeted control requirements
• Tested and validated by a third-party assessor
• Provide a general assurance of an organization’s cyber preparedness and resilience
Low Level Assurances
• Self-selected controls / limited breadth
• Simple / basic approach
• Self-attested
14. 14
Need for a broader range of assurances
• By design, today’s HITRUST certification offers a gold-standard level of assurance due to the comprehensive control requirements and assurance program requirements.
• As a result: it’s a heavy lift.
• A broader range of options to address varying assurance requirements and needs is necessary.
• HITRUST will soon offer new assessments and a new certification:
  • Requiring less effort than today’s validated assessment.
  • While still living up to the gold-standard level of quality for which HITRUST certifications are known.
[Chart: Assurance Level (L/M/H) vs. Assessment Effort (L/M/H), plotting the Validated Assessment, Readiness Assessment and Rapid Assessment, with the remaining area labeled Unaddressed]
15. 15
Current Assessment and Certification Portfolio
• Today, the HITRUST assessment portfolio consists of the following offerings:
  o HITRUST CSF Rapid Assessment: a self-assessed, security-only questionnaire facilitated through the HITRUST Assessment Exchange (low level of assurance)
  o HITRUST CSF Readiness Assessment: assessment performed in preparation for a validated assessment (low level of assurance)
  o HITRUST CSF Validated Assessment: assessment leading to HITRUST CSF Certification; can optionally be tailored to include one or more authoritative sources (very high level of assurance)
• HITRUST currently offers entities only one certification (the HITRUST CSF Validated Assessment Report with Certification), at a very high level of assurance
16. 16
HITRUST Expanded Assurance Portfolio
Basic, Current-state (“bC”) Assessment
• Focus on good security hygiene controls in virtually any size organization with a simple approach to evaluation, which is suitable for rapid and/or low assurance requirements
Implemented, 1-year (“i1”) Assessment
• Focus on leading security practices with a more rigorous approach to evaluation, which is suitable for moderate assurance requirements
Risk-based, 2-year (“r2”) Assessment
• Renames our current “validated assessment”, otherwise unchanged
• Focus on a comprehensive risk-based specification of controls with a very rigorous approach to evaluation, which is suitable for high assurance requirements
[Chart: Assurance Level (L/M/H) vs. Assessment Effort (L/M/H), plotting the Basic Assessment, i1 Readiness Assessment, i1 Validated Assessment, r2 Readiness Assessment and r2 Validated Assessment]
When: the Basic and i1 assessments will be available by the end of this calendar year
17. 17
NOT ALL ASSURANCES ARE CREATED EQUAL: BUYER BEWARE!
TRANSPARENCY
Transparency is needed for internal and external stakeholders to understand the framework your organization uses to satisfy compliance objectives. The framework should be publicly available, widely adopted, and well-understood so that report recipients understand how the controls were selected, evaluated, and scored.
Key Questions:
• Where do the assessed controls come from?
• How do you know the control requirements are suitable?
ACCURACY
Many other frameworks and assurance programs are qualitative, judgment-based, and devoid of any quantitative measurements.
Key Questions:
• How granular is the scoring / evaluation model used to evaluate the control environment?
• What infrastructure exists to inherit assessment results from vendor-performed controls?
CONSISTENCY
When frameworks are vague, subjective, or free of maturity levels and scoring methodologies, it becomes difficult to gauge an organization’s posture against that of another framework or even an industry baseline. This problem is compounded when assessment activities are not subject to quality and integrity reviews by an independent third-party assessor or certification body.
Key Questions:
• Can the effort result in a certification?
• How many entities issue these certifications or opinions?
INTEGRITY
Simply put, the integrity of your assessment reports and assurances to internal and external stakeholders depends upon an audit and validation process during which trained external assessors evaluate your control requirements one by one and say things like: "Prove to me you're doing this," or “Show me where it's documented."
Key Questions:
• Is the assessor's methodology, testing, and deliverables peer-reviewed by other firms?
• Are the assessor's methodology, testing, and deliverables reviewed by an accreditation and/or standards-enforcement body?
RELY-ABILITY = TRANSPARENCY + CONSISTENCY + ACCURACY + INTEGRITY
18. 18
Guide to Selecting the Right HITRUST Assessment for Your Organization’s Needs:
r2 Validated Assessment (Former Name: CSF Validated Assessment): Comprehensive, Risk-based
i1 Validated Assessment: Good Security Hygiene and Leading Security Practices
bC Assessment: Good Security Hygiene
r2 Features:
• High level of effort and assurance
• Varies from 198 – 2000 requirements, based on inherent risk factors and included authoritative sources (optional)
• Scores: Policies, Procedures, Implemented, Measured, and Managed
• Full 5x5 PRISMA evaluation using a comprehensive scoring rubric
• Able to demonstrate regulatory compliance against authoritative sources such as HIPAA and the NIST Cybersecurity Framework
• Can be bridged by a HITRUST CSF Bridge Certificate
• Readiness Assessment available
• 2-year certification
i1 Features:
• Moderate level of effort and assurance
• Approx. 200 HITRUST CSF requirements (static / fixed)
• Provides strong coverage of NIST 800-171, the GDPR Safeguards Rule, much of the HIPAA Security Rule, and portions of AICPA TSC
• 1 maturity level (Implemented)
• 1-year certification
• Uses an external assessor’s annual evaluation of control implementation along with HITRUST review and QA
• Readiness Assessment available
bC Features:
• Low level of effort and assurance
• Self-assessment only; verified by the HITRUST Assurance Intelligence Engine
• 71 HITRUST CSF requirements
• 1 maturity level (Implemented)
• Provides coverage against NISTIR 7621, Small Business Information Security: The Fundamentals
HITRUST Assessment Attributes
Higher Quality and Reliability at Every Level of Assurance
Each HITRUST CSF Assessment Offers Unique, Industry-Leading Advantages, Including:
• Single Control Framework
• Best in Class MyCSF® SaaS Assessment Platform
• Consistent Approach
• Common Assurance Methodology
• Standard Report Formatting
• Supports Inheritance
• HITRUST Assurance Intelligence EngineTM (AIE) identifies errors, omissions, and potential deceit
• HITRUST Results Distribution System (RDS) shares assessment results with relying parties
• And More...
19. 19
PREVIEW: Expanded HITRUST Assessment Portfolio
Columns: bC = HITRUST CSF Basic, Current State Assessment (NEW); i1 = HITRUST CSF Implemented, 1-year Assessment (NEW); r2 = HITRUST CSF Risk-based, 2-year Assessment (Former Name: HITRUST CSF Validated Assessment)
• Description: bC: Verified Self-Assessment | i1: Validated Assessment + Certification | r2: Validated Assessment + Risk-Based Certification
• Purpose (Use Case): bC: Focus on good security hygiene controls in virtually any size organization with a simple approach to evaluation, which is suitable for rapid and/or low assurance requirements | i1: Focus on leading security practices in medium-sized and larger organizations with a more rigorous approach to evaluation, which is suitable for moderate assurance requirements | r2: Focus on a comprehensive risk-based specification of controls suitable for most organizations with a very rigorous approach to evaluation, which is suitable for high assurance requirements
• Number of Control Requirement Statements: bC: 71 (static) | i1: 215 (static) | r2: 2000+ based on tailoring (360 average in scope of assessments)
• Specificity of Control: Granular Requirements | Granular Requirements | Granular Requirements
• Flexibility of Control Selection: bC: No Tailoring | i1: No Tailoring | r2: Tailoring
• Evaluation Approach: bC: 1x3: Control Implementation | i1: 1x5: Control Implementation | r2: 3×5 or 5×5: Control Maturity assessment against either 3 or 5 maturity levels
• Targeted Coverage*: bC: NISTIR 7621: Small Business Information Security Fundamentals | i1: NIST SP 800-171, HIPAA Security Rule | r2: NIST SP 800-53, HIPAA, FedRAMP, NIST CSF, AICPA TSC, PCI DSS, GDPR, and 37 others
• Level of Assurance**: Low | Moderate | High
• Relative Level of Effort: 0.5 | 1.0 | 5.0
• Certifiable Assessment: No | Yes, 1 Year | Yes, 2 Year
• Complementary Assessments: None | Readiness | Readiness, Interim, Bridge
• Leverages Results Distribution System (RDS) to Share Results: Yes | Yes | Yes
• Leverages the AI Engine to Prevent Omissions, Errors, or Deceit: Yes | Yes | Yes
* Targeted Coverage means substantial coverage is intended.
** A particular level of assurance (e.g., low, medium/moderate, or high) is generally characterized by the relative level of suitability, impartiality, and rigor in the approach used to specify, assess, and report on the effectiveness of information security and privacy controls and the risks they are intended to manage.
20. 20
CONTROLCASE METHODOLOGY FOR HITRUST r2 ASSESSMENT
ControlCase will follow a 6-PHASE APPROACH for the HITRUST Assessment:
1. MyCSF Subscription: the customer purchases a MyCSF subscription; ControlCase helps build the assessment.
2. Readiness Assistance: ControlCase assigns an independent readiness consultant to guide the customer in providing the required HITRUST evidence.
3. The customer purchases the validated assessment from the HITRUST portal once ready; ControlCase helps the customer identify a submission date and complete the reservation for HITRUST QA.
4. HITRUST Validated Assessment: an independent ControlCase auditor (HITRUST CCSFP) completes the validated assessment and the required testing.
5. ControlCase Quality Assurance: engagement executive review; ControlCase moves the evidence to MyCSF.
6. Submit to HITRUST: HITRUST QA; final certified / validated report.
22. 22
CONTROLCASE METHODOLOGY FOR HITRUST
i1 ASSESSMENT
• Help with determining the scope for the HITRUST i1 assessment.
• Review the customer’s environment and articulate HITRUST requirements accordingly.
• Identify gaps and help strategize the remediation approach.
• Independent HITRUST CCSFP to perform the i1 assessment and the required testing.
• End-to-end process of 5 months to submission.
23. 23
Solving for the Inefficient Method of
Authenticating, Requesting, Sharing,
and Analyzing Assessment Results
24. 24
Today’s TPA Reports Sharing Landscape
• Generally, the sharing of TPA reports is largely manual and less than ideal:
  • Involves requesting PDF reports from business partners (e.g., customers)
  • Usually involves sharing of PDFs back and forth
  • The PDFs vary greatly depending on the type of report, the issuing party, etc.
  • The PDFs may be copy-protected and/or password-protected, making them tough to access and use
  • The PDFs are static and non-interactive, making it necessary to copy data into more feature-rich tools to do any meaningful analysis
  • This process is repeated annually
[Diagram: today’s flow between the reliant party and the assessed entity]
1. Reliant party requests the report (?)
2. Assessed entity provides the report
3. Reliant party manually inspects the report: Current? Authentic? Scope? Findings?
4. Reliant party manually scrapes data from the report for entry elsewhere: Ctrl+F, Ctrl+C, Ctrl+V… sigh
25. 25
What can (and does) go wrong?
1. Sharing of:
  • Expired reports
  • The wrong vendor’s report
  • Doctored or fake reports
  • The correct report to the wrong recipients
2. After hitting “send” on the email:
  • No visibility of who the assessment report PDF is ultimately shared with
  • No control over who can and can’t open the assessment report PDF
3. Copy + paste errors when moving assessment results from PDFs into tracking spreadsheets, VRM tools, and GRC systems
4. Decisions made using info in out-of-date and/or invalidated third-party assurance reports
  • Management’s responses to identified findings are X months old… what’s happened since?
5. Overlooked and/or poorly understood:
  • Adverse overall conclusions
  • Control findings
  • Scope limitations and carve-outs
6. Users of these complex reports can’t always find what they’re after
  • Which section is all this in?
  • Which columns in which tables again?
  • Where does the canned content end and the meat of it start?
7. Non-value-added activities throughout the process
  • Distracts personnel from focusing on actually managing risk
  • Time-consuming
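As an added example (not code from the deck, ControlCase or HITRUST), the failure modes above expressed as a small Python routine that a relying party could run over the metadata of a received report before copying its results into a VRM or GRC tool. The report record, the `review_report` function and the three sample reports are constructed for illustration; the certification terms it enforces come from the deck (i1 one year, r2 two years, bC not certifiable).

```python
"""Pre-consumption checks a relying party can run on a third-party assurance
report before its results are copied into a VRM or GRC system.

Added example: not ControlCase or HITRUST code. The report record layout and
the sample reports are constructed for illustration; the certification terms
(i1 = 1 year, r2 = 2 years, bC not certifiable) come from the deck.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Certification term per assessment type, per the deck. bC is a verified
# self-assessment and is not certifiable, so it has no entry here.
CERT_TERM_DAYS = {"i1": 365, "r2": 730}


def _norm(name: str) -> str:
    """Crude normalisation so 'Acme Health, Inc.' matches 'ACME HEALTH INC'."""
    return "".join(ch for ch in name.lower() if ch.isalnum())


@dataclass
class AssuranceReport:
    """Minimal metadata a relying party should capture before trusting a report."""
    assessment_type: str            # "bC", "i1" or "r2"
    assessed_entity: str            # the vendor the report actually covers
    released_to: list               # relying parties the report was released to
    issue_date: date
    claims_certification: bool      # does the document present itself as a certification?
    findings: list = field(default_factory=list)
    scope_carve_outs: list = field(default_factory=list)


def review_report(report: AssuranceReport, expected_vendor: str,
                  relying_party: str, today: date) -> list:
    """Return the list of problems found; an empty list means the checks passed.

    Each check maps to a failure mode on the slide: wrong vendor, wrong
    recipient, certification claim on a non-certifiable type, expired
    certification, overlooked findings, overlooked scope carve-outs.
    """
    issues = []
    if _norm(report.assessed_entity) != _norm(expected_vendor):
        issues.append(f"wrong vendor: report covers '{report.assessed_entity}', "
                      f"expected '{expected_vendor}'")
    if _norm(relying_party) not in {_norm(r) for r in report.released_to}:
        issues.append("report was not released to us; confirm with the assessed "
                      "entity before relying on it")
    term = CERT_TERM_DAYS.get(report.assessment_type)
    if report.claims_certification and term is None:
        issues.append(f"'{report.assessment_type}' assessments are not certifiable; "
                      "the certification claim is suspect")
    elif term is not None and report.issue_date + timedelta(days=term) < today:
        issues.append(f"expired: {report.assessment_type} certification issued "
                      f"{report.issue_date} lapsed after {term} days")
    if report.findings:
        issues.append(f"{len(report.findings)} control finding(s) to review, not "
                      "just the overall conclusion")
    if report.scope_carve_outs:
        issues.append("scope carve-outs present: " + "; ".join(report.scope_carve_outs))
    return issues


# Constructed sample reports (not real assessments). AS_OF fixes "today" so
# the results are reproducible.
AS_OF = date(2024, 6, 1)
SAMPLE_GOOD = AssuranceReport("r2", "Acme Health, Inc.", ["Example Payer"],
                              date(2023, 3, 1), claims_certification=True)
SAMPLE_EXPIRED = AssuranceReport("i1", "Acme Health, Inc.", ["Example Payer"],
                                 date(2023, 1, 1), claims_certification=True)
SAMPLE_BAD = AssuranceReport("bC", "Acme Health, Inc.", ["Other Co"],
                             date(2021, 1, 15), claims_certification=True,
                             findings=["constructed sample finding"],
                             scope_carve_outs=["cloud hosting provider"])


def run_checks() -> dict:
    """Review the three samples as relying party 'Example Payer'; issues per sample."""
    return {
        "good": review_report(SAMPLE_GOOD, "ACME HEALTH INC", "example payer", AS_OF),
        "expired": review_report(SAMPLE_EXPIRED, "Acme Health, Inc.", "Example Payer", AS_OF),
        "bad": review_report(SAMPLE_BAD, "Beta Clinic", "Example Payer", AS_OF),
    }


if __name__ == "__main__":
    for name, issues in run_checks().items():
        print(f"{name}: {'passed' if not issues else ''}")
        for issue in issues:
            print(f"  - {issue}")
```

Running the file prints the issues for each sample. The routine returns an empty list only when the vendor and recipient match, any certification claim is of a certifiable type and still within its term, and no findings or carve-outs remain to be read; everything else is surfaced before a number from the report reaches a spreadsheet.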
26. 26
With the HITRUST Results Distribution System
[Diagram: A Better Way: Results Sharing]
1. Assessed entity grants the reliant party access in RDS
2. Reliant party interacts with assessment results in RDS
3. Assessment results can be consumed by the reliant party through various means
• The HITRUST Results Distribution System will address the highly inefficient method of authenticating, requesting, sharing, and analyzing assessment results
• Unlike most other certification and accreditation bodies, HITRUST:
  • Is the sole issuer of all HITRUST Assessments, allowing us to ensure the integrity and validity of the process.
  • Is uniquely positioned to streamline the sharing of assessment results via a centralized mechanism
28. 28
Planned Future Enhancements
• API integration with GRC and TPRM/VRM systems
• The RDS API will enable GRC and VRM platforms to electronically consume
assessment results and allow users of those systems to fully leverage the analytics
capabilities that they offer
• HITRUST is partnering with key GRC and VRM vendors to facilitate this integration
• Enhanced Data Analytics
• An enhanced data analysis toolset for relying parties to perform even richer analytics
against assessment results of multiple vendors
29. 29
HITRUST Assessments and Assurance Program are a “Win/Win” for Everyone
Assessed Entities
• One framework, one assurance program and one assessment tool for the information assurance needs of an entire enterprise.
• HITRUST r2 Certification has been a competitive advantage with customers, as it provides significant assurances that can be relied upon by all stakeholders (e.g., Customers, Regulators, Cyber Underwriters); i1 Certification is expected to obtain a similar status.
• HITRUST CSF covers over 40 authoritative sources, such as ISO 27001, NIST 800-53, 800-171, HIPAA and GDPR control requirements. It can satisfy multiple stakeholders with one assessment and reduce the unnecessary effort of responding to third-party proprietary questionnaires. “Assess Once, Report Many.”
• HITRUST Assessments allow for internal and external inheritance to reduce the time and cost of testing with External Assessors.
• Differentiates your organization relative to security and privacy posture and can facilitate potential new business partnerships with other organizations that require in-depth, third-party validated assurances.
• Able to start with the bC Assessment, and easily leverage that assessment when ready to move to the next level (i1) as your IRM program matures.
• Every assessment leverages the HITRUST RDS, which allows you to electronically share your assessment results with the customers you designate. Eliminates all the back and forth to get the required information your customer wants.
• Can minimize cyber insurance premiums.
Relying Parties
• The most Rely-able™ assurance report due to suitability of controls, rigor of the assurance program, and centralized oversight: HITRUST QAs 100% of the reports.
• Ensures suitability of the controls
• Transparency in how controls were evaluated and scored
• Better accuracy based on quasi-quantitative, rather than “qualitative”, scoring
• Consistency in how controls are evaluated
• Integrity in the report, with over 50 automated checks and 6 levels of independent and objective quality assurance reviews by HITRUST
• Able to run your entire security and privacy third-party risk management program through HITRUST
• Portfolio of assessments to meet the needs of all vendors, regardless of risk level, company size, or purpose. No reason NOT to get HITRUST
• Assurance framework to support more organizations on their assurance continuum journey
• Receive all HITRUST assessment results electronically through the HITRUST Results Distribution System to radically improve efficiency over the outdated process for authenticating, requesting, sharing, and analyzing assessment results