With the exception of Sundays, we’ve been pushing hard on HITRUST every day in 2019 to date.
Yesterday was no exception: We got into the office early again to crank on HITRUST before the busy Monday meetings began.
This post is what it’s like behind the scenes (BTS) for a startup participating in the HITRUST RightStart program.
Audit Logging & Monitoring
I spent most of my HITRUST activity yesterday in Section 12, Audit Logging & Monitoring.
The section has 28 controls within it.
Here’s what I worked on within Audit Logging & Monitoring:
- Audit records (Records in scope vs records not in scope)
- Audit logging of privileged user activity
- Audit log retention policy
- Audit log Availability
Paubox Monday (BTS)
It was a welcomed challenge yesterday to hit our self-imposed HITRUST quota requirements.
For starters, we welcomed our new Director of Customer Success, Peter Kirsheman, at 9am. Welcome Pete! Everyone loved the energy and enthusiasm Pete brought on day one.
Then we held our weekly staff meeting at 10am.
Discussing the 2019 Paubox V2MOM with Ryan Williams (SalesCollider)
I arrived back in the office by 12:45pm and put in another hour on HITRUST before my monthly 2pm SaaS sales mentorship meeting with Ryan Williams of SalesCollider.
Mind you, I’m constantly (re)fueling on caffeine at each opportunity throughout the day.
By 4:30pm, we met our daily HITRUST quota on completed controls.
Tyler “Commish” Dornenburg talked me into joining ClassPass so we left the office before 5pm.
About an hour later, I did my first Kettlebell class at Swing Kettlebell School. My quads promptly got thrashed.
Back in the office again early this morning, gait lurching, ready to keep cranking on HITRUST.
Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain.
In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.