ecfirst – Compliance & Security Services – 2010
Why ecfirst in 2010?
Our Core Focus: Compliance and Information Security
ecfirst delivers deep expertise with its full suite of services, which include risk assessment, technical vulnerability assessment, security and compliance consulting services (ISO 27000, PCI DSS, HIPAA, HITECH Act, State regulations), IT Business Continuity Planning (BCP) and Business Impact Analysis (BIA), and development of Disaster Recovery Plans (DRP). ecfirst has successfully executed fixed price, fixed deliverable, turnkey projects worldwide.
Testimonials
"ecfirst has been one of the best things to happen to our overall information security and privacy compliance program. They literally fell out of the sky and have been a valuable asset to our organization. Their Managed Compliance Services Program (MCSP), methodic approach and thorough analysis leaves no stone unturned, giving our organization the information we need to make effective decisions."
Wes Rogers, Director, Information Security and Support, GEMCare Health Plan/Managed Care Systems, LP
"We have come to rely on ecfirst as our partner for HIPAA and HITECH compliance. As a preferred client in the ecfirst Managed Compliance Services Program (MCSP), ecfirst makes sure that we do the right things at the right times with critical mandates. We have come to rely upon their expertise and are secure in knowing that we are getting the best advice possible. Regulations are constantly changing and the team at ecfirst keeps current with the requirements. ecfirst enables our organization to be focused on what is important." "We would highly recommend ecfirst to any covered entity or business associate."
Lawrence Roberts, Principal, Integrated Health Management Services, LLC
Initiative - Honor - Motivation - Service
World-class IT Professional Services
The ecfirst Professional Staffing Practice excels in meeting your short and long term requirements for contract professionals in the areas of Web development; system, database and network administration; application development; system architecture; and project management. This practice is distinguished by credentialed staff (PMP, CBCP, CISSP, CSCS, CHSS or others that may be required) with deep industry knowledge in the healthcare, financial, technology and government markets.
Compliance and Training Certification
The Certified HIPAA Administrator (CHA™), Certified HIPAA Professional (CHP) and Certified HIPAA Security Specialist (CHSS™) certifications are the gold standards in the industry. The ecfirst Certified Security Compliance Specialist (CSCS™) Program is the first and only information security program that addresses all major compliance regulations from a security perspective.
Talk to ecfirst. We Want to Listen and Learn More About You. Our Promise – We Will Not Fail You.
For over a decade, ecfirst has delivered world-class information security and regulatory compliance solutions. With 1,400+ clients, ecfirst was recognized as an Inc. 500 business (America's Top 500 Fastest Growing Privately Held Businesses) in our first year of eligibility. ecfirst is Minority Business Enterprise Certified and an accredited BBB business. ecfirst assists organizations with their compliance initiatives for a secure information infrastructure that is compliant with regulations such as PCI DSS, HIPAA, HITECH, State and Federal regulations, and ISO 27000. ecfirst serves a Who's Who client list that includes technology firms, numerous hospitals, state and county governments, and hundreds of businesses across the United States and abroad. A partial list of clients includes EMC, IBM, Principal Financial, U.S. Army, U.S. Dept. of Homeland Security, U.S. Dept. of Veterans Affairs and many others. Talk to ecfirst and you will find an organization that is passionate about the services we deliver and exceptionally devoted to its clients. For more information, please visit http://www.ecfirst.com or contact Audra Curtis at ecfirst at +1.877.899.9974 x16.
Organizations are increasingly considering applying the ISO 27000 family of international security standards to comply with U.S. federal and state regulations such as HIPAA and HITECH, as well as standards such as the PCI DSS. ISO 27000 is a global standard that provides a comprehensive framework that organizations can adopt to address compliance requirements and establish a resilient information infrastructure.
ecfirst Brings Deep Experience & Expertise with ISO 27000
ecfirst's fast-paced, 1-day private training workshop on ISO 27000, its policy templates, quick reference cards, and the deep consulting expertise embodied in its signature methodology, BizShield™, are enabling organizations to easily adopt the ISO standard. BizShield™ is a signature ecfirst methodology specifically focused on the ISO 27000 standard and includes the following core components:
Our Commitment to You
1. Manage the implementation of ISO 27000 in your environment, leveraging as far as possible existing information security processes, practices and capabilities
2. Document all information requested and establish a time-line for critical next steps
3. Respond with required information and communicate with all involved parties on activities and status
4. Establish a framework for complete knowledge transfer to enable your organization to improve processes and capabilities
ISO 27000 Client Consulting Testimonial
"When GHX began discussing our march toward HIPAA compliance, there was a general consensus about where we had to be in three years, but there was also a notable lack of agreement on how we might get there. After thoughtful consideration (and amazing good fortune) we chose to seek the services of ecfirst as our 'implementation partners' to assist our efforts with HIPAA using ISO 27000 as the framework." "I'm happy to say, it was the best choice we could have made. Their ISO 27000 experience, comprehensive approach, and practical guidance have put us solidly on the road to achieving our goal, within our window. For GHX, achieving compliance is a huge effort, and having a dependable ally was critical to our success."
Patt Anderson, Compliance Manager
Our ISO 27000 Training Solutions
ecfirst has several options for ISO 27000 training, from a tailored 60-minute webcast to a 2-day CSCS certification program. Schedule our 1-day training workshop, "Getting Started with ISO 27000," to learn more about the ISO 27001 and ISO 27002 information security standards and understand how they may be applied to address compliance requirements.
1. Examine the ISO 27000 information security framework and its core components
2. Review the ISO 27001 security standard and understand key terminology, definitions and the overall organization
3. Step through the clauses defined in the comprehensive ISO 27002 standard
4. Understand how compliance requirements of State regulations, such as those from Massachusetts and California, as well as federal requirements such as HIPAA and HITECH, can be addressed with the ISO 27000 framework
5. Identify critical steps for organizations to get started with ISO 27000
ecfirst ISO 27000 Training Testimonials
"The ISO 27000 Webinar in addressing HITECH, HIPAA & State Regulations was first rate. Looking forward to continuing our involvement with ecfirst in regard to consulting, training and certification. Please send my best to Ali Pabrai, he is a great speaker!"
“I really liked the detailed overview of ISO 27001/27002, and the heads up on the upcoming ISO 2700X standards. I liked the note about a written comprehensive InfoSec program being needed.”
“The ISO 27000 brief was very helpful as my organization works to implement ISO 27000 for our security framework. I have been CHP and CHSS certified by ecfirst for several years and value ecfirst’s expertise. I am interested in the CSCS certification and will be looking into ecfirst’s training program for this certificate.”
“I found the program to give me a wonderful framework with the ISO 27000 to enhance our security program under HIPAA and HITECH. The tools will be very helpful in the continued effort to move our program forward.”
RISK ANALYSIS is a required implementation specification defined in the HIPAA Security Rule that healthcare organizations, including business associates, must conduct on a regular schedule. Further, organizations must complete a gap analysis to identify areas of non-compliance with the HIPAA Privacy Rule and the requirements of the HITECH Data Breach mandates. You will need to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all PHI, including EPHI, held by the entity. Here are some important considerations for organizations to assess in order to meet HIPAA and HITECH mandates:
RISK MANAGEMENT
Once the risk analysis activity is complete, organizations need to address the findings of the Corrective Action Plan (CAP). This provides the foundation for a comprehensive risk management program. Risk management is a required implementation mandate defined in the HIPAA Security Rule. The core objective of this requirement is to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.
ON-DEMAND COMPLIANCE CONSULTING
ecfirst – Home of the HIPAA Academy – is the first in the industry to have introduced On-Demand Compliance Consulting. Organizations can contract with ecfirst for a pre-determined block of hours to address compliance gaps at a fixed rate. Highly specialized compliance and security professionals, seasoned with remediation experience, enable organizations to address compliance gaps and security vulnerabilities cost effectively.
OUR PROFESSIONAL TEAM
ecfirst only engages credentialed professionals for its BIA engagements. Credentials such as CHP, CISSP, CSCS and CBCP are typical of ecfirst teams assigned to client engagements.
YOUR COMMITMENT TO US
1) Interviews with key members of IT staff, key individuals in departments and management.
OUR DELIVERABLE TO YOU
A BizShield™ Risk Analysis Report will be created based on our review and analysis of information collected from your organization. This BizShield™ Risk Analysis Report will include information in the following areas:
Fixed Fee: Call for details and a customized proposal exclusively for your organization.
COMPLIMENTARY PRIVATE WEBCAST: PREPARING FOR A HIPAA | HITECH AUDIT
For a complimentary Webcast on Preparing for a HIPAA | HITECH Audit, please contact Audra Curtis at Audra.Curtis@ecfirst.com.
TESTIMONIALS
"ecfirst provides excellent value across a comprehensive portfolio of first rate solutions for regulations such as HIPAA | HITECH compliance, risk analysis, social engineering, vulnerability assessment, disaster recovery and business continuity. They are not just experts in these respective fields but are able to communicate and motivate corporate audiences to effect change." "ecfirst is an excellent business partner that focuses on long term, successful relationships through consistently successful project delivery."
Joe Granneman
"Ensuring secure and appropriate access is not just a compliance requirement, but vital for protecting confidential patient information. Northwest Community Hospital (NCH) has been very fortunate to find a partner in ecfirst to address several compliance challenges, be it HIPAA, HITECH, PCI DSS or the FACTA - Red Flags Rule. NCH has been an early adopter of the ecfirst Managed Compliance Services Program (MCSP) which provides a comprehensive framework to address areas such as Business Impact Analysis (BIA), Disaster Recovery Plan (DRP), Risk Analysis, Vulnerability Assessment, Security Remediation, Training, Certification, Policy Updates and more." "ecfirst has been a highly valued and responsive partner in its role to enable NCH to be a more trusted hospital."
Suresh Krishnan
The Payment Card Industry (PCI) Data Security Standard (DSS) is a global information security standard for protecting cardholder data. The PCI DSS requirements apply to merchants and other organizations that store, process, or transmit cardholder data. PCI DSS is a compilation of best practices for securing data throughout the information lifecycle. The PCI standard identifies several processes and procedures required to protect cardholder data. With unmatched laser beam focus on regulatory compliance and information security, ecfirst has the services that organizations need to prepare for and deliver on PCI compliance today. The core goals of PCI DSS include:
1. Remove sensitive authentication data and limit data retention
The ecfirst PCI Readiness Assessment enables organizations to understand their current PCI standard compliance posture and includes a Corrective Action Plan (CAP). This plan is a remediation roadmap that the organization should complete prior to undergoing a formal PCI audit.
ecfirst Brings Deep Experience & Expertise with PCI DSS
The ecfirst PCI DSS Readiness Assessment is a methodical examination and review of the state of PCI compliance against the defined control objectives and associated requirements of version 1.2 of the Standard. This ecfirst exercise results in an actionable and comprehensive PCI DSS Readiness Assessment Report that summarizes findings and provides details about areas in which the organization does not comply with version 1.2 of the Standard. A prioritized list of activities and a recommended timetable are included, as is an executive presentation of the assessment findings. The ecfirst PCI Solution addresses requirements in the areas of:
ecfirst's fast-paced, 1-day private training workshop on PCI DSS, its policy templates, quick reference cards, and the deep consulting expertise embodied in its signature methodology, BizShield™, are enabling organizations to address PCI DSS requirements. BizShield™ is a signature ecfirst methodology specifically focused on the PCI DSS standard and includes the following core components:
Our Commitment to You
1) Manage the implementation of PCI DSS in your environment, leveraging as far as possible existing information security processes, practices and capabilities
Key Deliverable – The BizShield™ PCI DSS Readiness Assessment Report
Completion of the PCI DSS v1.2 Prioritized Approach Spreadsheet as defined by the PCI Security Standards Council (based on the prioritized approach to pursuing PCI DSS compliance)
PowerPoint presentation of executive summary (optional)
Contingency planning, also referred to as Business Continuity Planning (BCP), is a coordinated strategy that involves plans, procedures and technical measures to enable the recovery of systems, operations, and data after a disruption. A Business Impact Analysis (BIA) is the foundation for building Contingency Plans. Once the BIA is completed, Contingency Plans can be developed using the information identified in the BIA. Typically, two types of Contingency Plans will need to be developed: Emergency Mode Plans for business unit recovery, and Disaster Recovery Plans (DRP) for Information Technology (IT) systems and infrastructure.
HIPAA REQUIREMENT
Contingency Plan is a HIPAA Security Rule standard. The objective of the Contingency Plan standard is to establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, or natural disaster) that damages systems that contain EPHI. As shown in bold in the Figure below, the Contingency Plan standard is defined within the Administrative Safeguards section of the HIPAA Security Rule.
Contingency plan related requirements are also identified as implementation specifications in the Physical Safeguards section of the HIPAA Rule as well as the Technical Safeguards section. A BIA is a critical step in contingency planning. The critical steps for a BIA include the need to:
1. Identify business disruption events and measure probabilities
OUR PROFESSIONAL TEAM
ecfirst only engages credentialed professionals for its BIA engagements. Credentials such as CISSP, CSCS and CBCP are typical of ecfirst teams assigned to client engagements.
YOUR COMMITMENT TO US
1) Interviews with key members of IT staff, key individuals in departments and management.
OUR DELIVERABLE TO YOU
A BizShield™ Business Impact Analysis (BIA) document will be created based on our review and analysis of information collected from your organization. This BizShield™ Business Impact Analysis (BIA) Report will include information in the following areas:
Fixed Fee with No Expenses: Call for details and a customized proposal exclusively for your organization.
COMPLIMENTARY PRIVATE WEBCAST ON CONTINGENCY PLANNING & BIA
For a complimentary Private Webcast on Contingency Planning & BIA, please contact Audra Curtis at Audra.Curtis@ecfirst.com.
TESTIMONIALS
"The HIPAA Academy developed a comprehensive Business Impact Analysis (BIA) and Contingency Plan documents that met HIPAA Security Rule specifications and exceeded our stringent requirements. The work was executed professionally and their templates were detailed to capture small, yet critical information to establish recovery priorities."
"Very informative and accurate."
© All Rights Reserved || ecfirst || 2010 Inc. 500 in our First Year of Eligibility || www.ecfirst.com