Independent Industry Assessments – SAS70, HIPAA

Need to assess technology or business risk? Information Exchange can help by performing an independent industry assessment, including the evaluation of controls in a process or organization.

The long-standing independent reviews referred to as “third party reviews” are a 15+ year appraisal program at the Information Exchange. The SAS70 (recently updated) is a formal process. It is our onsite review to independently issue a report based on an in-depth audit of data centers or processing methods. The same independent attestation can be performed for technology controls under HIPAA. HIPAA is an acronym for the Health Insurance Portability and Accountability Act of 1996, which in its Administrative Simplification provisions addresses the security and privacy of health data. These provisions address administrative, physical and technical safeguards related to the electronic transmission, storage and use of health information.

The identification, assessment, and prioritization of risks is a process that can be time-consuming and extensive. Information Exchange can assist in creating a risk management plan and selecting appropriate controls or countermeasures to measure each risk. Once the business impact of each risk is determined, a plan to address each risk with avoidance, transference, mitigation or acceptance will be generated according to the asset’s value to the organization.

We can also help with Business Continuity Planning (BCP), Contingency Planning (CP), Incident Response Planning (IR), and Disaster Recovery Planning (DR). These major areas of risk planning are important to implement before an incident occurs, and having a response plan outlined is critical to assuring continued operations when things get tough. Information Exchange’s management, business and security experience can guide your enterprise to a compliant solution.
