Many organizations do a tabletop test each year of their Incident Response (IR) or Business Continuity/Disaster Recovery (BC/DR) plan to evaluate its effectiveness and make sure it’s current. While tabletop is generally the weakest form of testing and has some significant limitations, there are some things that can be done to make it a better […]
About Brian Sandenaw
Brian has over 2 decades of experience in System Administration and Information Security, having worked at all levels of Government (City, County, State, and Federal) and with companies ranging from startup to Fortune-20. He transitioned to auditing in 2018 and has delivered audits and attestations as varied as SOC 1 and 2, HITRUST, FISMA, FERPA, PCI, CSA-star and HIPAA. With Linford and Co, he focuses primarily on HITRUST and SOC 2.
SaaS HIPAA Compliance Considerations & Certification
With the use of cloud technology trending upward, many cloud companies are touting themselves as “HIPAA certified.” In fact, there is no such thing as a HIPAA certification.
CSA STAR Guide to Assessment, Attestation, & Certification
It’s been discussed elsewhere what the Cloud Security Alliance is and what their CSA Security Trust Assurance and Risk (STAR) program entails. To summarize, the CSA STAR program provides a Cloud-focused alternative to the more traditional audits. It’s based on the CSA Cloud Controls Matrix (CCM) and offers multiple levels of certification/attestation and a flexible path to those achievements. […]
HITRUST vs HIPAA
In previous articles, we’ve covered what HITRUST is and how to get HITRUST certified, but one very frequent question is, “What’s the difference between HIPAA vs HITRUST?” While they both relate to information security, and HITRUST initially began as part of HIPAA, they’re very different concepts. Let’s dive in. What Is the Difference Between HIPAA […]
Zero to HITRUST (e1) Certified in 100 Days
Any time we make “first contact” with someone who needs a HITRUST assessment there are always 3 overarching questions, “What is this going to cost?”, “How hard is this going to be?”, and the question I will be covering in this article – “How long is this going to take?” In the past, before the […]
A Guide to HITRUST Interim Assessments
Any organization that has completed a HITRUST assessment knows they represent a significant amount of effort and a significant commitment to compliance and certification. While many HITRUST levels of certification are only good for one year, HITRUST’s r2 certification is good for two years, but…the HITRUST r2 certification requires an ‘interim’ assessment every other year […]