HITRUST RightStart (BTS): Audit monitoring and IDS
by Hoala Greevy Founder CEO of Paubox
At the risk of redundancy, Tyler “Commish” Dornenburg and I got in the office early again today to solely put in work on HITRUST.
Working six days a week to kick off 2019 is a part of our journey along the HITRUST RightStart program.
This post is what it’s like behind the scenes (BTS) for a startup striving for HITRUST certification.
Having spent most of my HITRUST activity yesterday in Section 12, Audit Logging & Monitoring, I realized there’s still a good deal more to do. In particular, I focused on Audit Monitoring today.
Here’s what I worked on within Audit Monitoring and Intrusion Detection Systems (IDS):
- Paubox System Monitoring of privileged operation access
- Paubox System Monitoring of both authorized and unauthorized access
- Paubox System Monitoring for system alerts and reports
HITRUST Daily Status Call
This afternoon we jumped on a 4pm daily status call with Jeff, our HITRUST Assessor from KirkpatrickPrice.
I’m not always able to join these calls, thankfully Tyler has been steady on that front for us.
Here’s what we covered during the daily status call:
- Touch base on corrections and edits for HITRUST controls completed internally so far
- Controls to add to our Corrective Action Plan (CAP)
- New information has come to light: A CAP is not required until 30 days after submission of a HITRUST assessment
With light at the end of the tunnel in sight, I’m thankful Commish has led the HITRUST charge for us at Paubox.
I’m also thankful the entire team has stepped up in quiet unison to hold down the fort while we focus on HITRUST.
Commish, Robert “Rogus1” Ogus, and I stayed late this evening to work. We ordered sandwiches from Bite via Uber Eats and got back to work.
Well, sorta. I went down for a power nap. HITRUST fatigue caught up to me. Now I’m back in action.
Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain.
In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.