HITRUST (BTS): Transmission protection & incident response
by Hoala Greevy Founder CEO of Paubox
As part of our journey on the RightStart program by HITRUST, we forged ahead today by knocking out swaths of Transmission Protection and Incident Response assessment sections.
This post is a Behind The Scenes (BTS) look at our progress today.
Transmission Protection is covered in Section 9 of the HITRUST assessment. There are 16 controls to address within in it.
Topics from this section that stuck out to me were:
- Properly protecting E-Commerce transactions
- Establishing and maintaining communication protocols
- Usage Policy for Fax Machines (hint: we recently held a wake for the fax machine)
Incident Response is one of 14 controls that comprise Section 15, Incident Management.
Topics from this section that stood out to me today were:
- Updating our Incident Response Plan
- Fleshing out appropriate Response Categories for security-related events
- Compiling and documenting a more robust Identification Phase
Daily Status Calls with HITRUST Assessor
Along with our progress from yesterday and last Saturday, we are projecting to submit our HITRUST Assessment before the month is over.
As such, we are now doing Daily Status Calls with our HITRUST Assessor, Jeff Pochily from KirkpatrickPrice.
Topics we covered on our Daily Status call today were:
- Configuring permissions in the MyCSF portal
- Incident Management, Response & Reporting
- Hardware Inventory disposal log
Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.