Apgar & Associates' consulting expertise supports clients in privacy, infosec, HIPAA, HITECH and regulatory compliance, plus preps for HITRUST, SOC2 and ISO Certification.
Do your clients want you to be HITRUST, SOC2 or ISO certified? Our certification prep gets you through the What + How of evidence collection and explicit requirements for each. Financial, healthcare provider, or technology business partner—you’ll be poised for certification success.
SECURITY INCIDENT RESPONSE
How solid is your security incident response plan? Is your incident response team trained? With our help, you’ll know who needs to do what, when, for every security incident. You’ll also comply with the ISO 27001 and HIPAA Security Rule requirements for incident response. Let’s review your SIR plan and status before there’s an incident.
POLICIES & PROCEDURES
Policies & Procedures make you look good when tight and right.
Feel confident in your documentation? Able to point to how an employee can uphold your company’s privacy and infosec program? Talk to us about how to ensure your documentation is up to date and supports compliance. It’s the underpinning of your infosec and privacy programs.
Think of the Security Risk Analysis as your internal due diligence.
Security Risk Analysis
How strong is your infosec program?
No matter what industry – healthcare, financial or technology – a regularly scheduled, top-to-bottom security risk analysis (aka SRA) is essential to a healthy infosec program. Streamline ISO and HIPAA compliance efforts, plus know where and how to close security gaps.
Think of an SRA as due diligence. Even mitigated security risks can become vulnerabilities again. Technology evolves constantly. Employees come and go. Devices get lost or stolen.
It’s show and tell time. Let your customers and partners know that you take data security and regulatory compliance seriously.
How well does your compliance program measure up?
OCR recommends 5 features in every compliance program. We’ll help you put all of the right components, resources, and a solid action plan into play. Tackle risk mitigation + risk management? Training materials + delivery direction? Plans + audits? You’ll be set.
Need a privacy and security compliance officer? Yes, we can help you there, too.