HITRUST (BTS): Information Protection Program
by Hoala Greevy Founder CEO of Paubox
As part of our journey on the RightStart program by HITRUST, we got to the office early again today to crank on our HITRUST assessment.
As it’s JPM Week in San Francisco however, getting in early is proving progressively harder to accomplish.
Mahalo to Redox for hosting another wonderful Taco mixer at Uno Dos Tacos last night!
Today we dove into Section 1 of the HITRUST Assessment, Information Protection Program.
This post is a Behind The Scenes (BTS) look at our progress today.
Information Protection Program
Information Protection Program is outlined in Section 1 of the HITRUST assessment. There are 19 controls to address within it.
It was recommended during yesterday’s daily status call to quickly focus on Section 1, as it’s known to be arduous.
Here’s what I worked on today for our Information Protection Program:
- Identifying Security Contacts within the organization
- Establishing policies and procedures for the primary Security Contact
- Further documenting components of our Information Security Management Program (ISMP)
- Implementation of Security Testing, Training and Monitoring
HITRUST Assessor Daily Status Call
We had a 2pm PST scheduled daily call with our HITRUST Assessor today. Unfortunately, he missed it.
We waited ten minutes for him to arrive on the conference call and then we got back to work on HITRUST. Time is of the essence here at Paubox.
Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain.
In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.