HITRUST RightStart (BTS): Audit monitoring and IDS

At the risk of redundancy, Tyler "Commish" Dornenburg and I got in the office early again today to solely put in work on HITRUST. Working six days a week to kick off 2019 is a part of our journey along the HITRUST RightStart program. This post is what it's like behind the scenes (BTS) for a startup striving for HITRUST certification.

Audit Monitoring

• Paubox System Monitoring of privileged operation access
• Paubox System Monitoring of both authorized and unauthorized access
• Paubox System Monitoring for system alerts and reports
  
  

HITRUST Daily Status Call

• Touch base on corrections and edits for HITRUST controls completed internally so far
• Controls to add to our Corrective Action Plan (CAP)
• New information has come to light: A CAP is not required until 30 days after submission of a HITRUST assessment

With light at the end of the tunnel in sight, I'm thankful Commish has led the HITRUST charge for us at Paubox. I'm also thankful the entire team has stepped up in quiet unison to hold down the fort while we focus on HITRUST.

HITRUST Fatigue

Commish, Robert "Rogus1" Ogus, and I stayed late this evening to work. We ordered sandwiches from Bite via Uber Eats and got back to work. Well, sorta. I went down for a power nap. HITRUST fatigue caught up to me. Now I'm back in action.

HITRUST

Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.