About Brian Sandenaw

Brian has over two decades of experience in system administration and information security, having worked at all levels of government (city, county, state, and federal) and with companies ranging from startups to the Fortune 20. He transitioned to auditing in 2018 and has delivered audits and attestations as varied as SOC 1 and SOC 2, HITRUST, FISMA, FERPA, PCI, CSA STAR, and HIPAA. With Linford and Co, he focuses primarily on HITRUST and SOC 2.

ALL ARTICLES BY Brian Sandenaw:
Disaster Recovery (DR) testing

Disaster Recovery (DR) Testing: Getting the Most From Your Tabletop Exercise

Many organizations run a tabletop test of their Incident Response (IR) or Business Continuity/Disaster Recovery (BC/DR) plan each year to evaluate its effectiveness and make sure it is current. While a tabletop exercise is generally the weakest form of testing and has some significant limitations, there are things that can be done to make it a better […]

Guide to the CSA STAR Program

CSA STAR Guide to Assessment, Attestation, & Certification

It has been discussed elsewhere what the Cloud Security Alliance is and what its CSA Security, Trust, Assurance and Risk (STAR) program entails. To summarize, the CSA STAR program provides a cloud-focused alternative to more traditional audits. It is based on the CSA Cloud Controls Matrix (CCM) and offers multiple levels of certification/attestation and a flexible path to those achievements. […]

HITRUST vs HIPAA

HITRUST vs HIPAA

In previous articles, we have covered what HITRUST is and how to get HITRUST certified, but one very frequent question is, “What is the difference between HIPAA and HITRUST?” While they both relate to information security, and HITRUST initially began as a way to operationalize HIPAA, they are very different concepts. Let’s dive in. What Is the Difference Between HIPAA […]

Fast track to HITRUST e1 certification

Zero to HITRUST (e1) Certified in 100 Days

Any time we make “first contact” with someone who needs a HITRUST assessment, there are three overarching questions: “What is this going to cost?”, “How hard is this going to be?”, and the one I will be covering in this article, “How long is this going to take?” In the past, before the […]

HITRUST interim assessments

A Guide to HITRUST Interim Assessments

Any organization that has completed a HITRUST assessment knows it represents a significant amount of effort and a significant commitment to compliance and certification. While most HITRUST certifications are only good for one year, HITRUST’s r2 certification is good for two years, but the r2 certification requires an ‘interim’ assessment every other year […]