Are you ready for your next accreditation audit? Our Information Security Readiness service can help.

An Information Security Assessment identifies gaps in compliance with a specified framework or standard so that they can be remediated before an external assessment or audit.

It is not a formal requirement for certification to a standard, but it helps organisations prepare for their initial certification and for re-certification. Many organisations treat it as an important step in preparing for the formal accreditation audit.

Whether the goal is ISO 27001 certification, compliance with VPDSS, a PCI DSS assessment, NIST CSF benchmarking, RACGP accreditation, another audit, or simply a better implementation of the practices these standards describe, eHealth ISPS’s consultants will lead and support you through the necessary implementation steps.

Our suite of information security assessment services is supported by our remediation, implementation, education and ongoing compliance support services, to help your organisation, big or small, establish and maintain compliance.

Contact us for a consultation

We would be pleased to provide you with a tailored assessment.

Contact us now

Our portfolio of information security assessment services for organisations includes:

ISO 27001 Information Security Management

ISO 27001 is the internationally recognised standard that specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving an Information Security Management System (ISMS) within the context of the organisation.


Victorian Protective Data Security Standards (VPDSS)

The Victorian Protective Data Security Standards (VPDSS) establish 18 high-level mandatory requirements to protect Victorian public sector data, covering security governance and the four security domains of information, personnel, ICT and physical security.

Each standard is supported by four protocols that follow the continuous-improvement cycle of plan, do, check and act (as represented in the VPDSS posters, the visual summary of the standards). This lets organisations continually reassess their security controls against new or updated threats and vulnerabilities.

VPDSS also applies to contracted service providers: any provider with direct or indirect access to Victorian government information is required to adhere to the standards.


Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS is an information security standard developed to protect cardholder data in organisations that store, process or transmit payment card data.

Its primary purpose is to reduce the exposure of cardholder data and prevent payment card fraud by tightening controls wherever cardholder data is stored, processed or transmitted.

Organisations that maintain a cardholder data environment include retailers, the retail arms of businesses in any industry, online payment services, card-issuing banks, and service providers that offer cloud-hosted payment processing.


NIST Cyber Security Framework (NIST CSF)

The NIST CSF is a policy framework of cyber security guidance for how organisations (primarily in the United States private sector, and gaining traction in Australia) can assess and improve their ability to prevent, detect and respond to cyber attacks.

It provides a high-level taxonomy of cyber security outcomes, organised under the five core functions Identify, Protect, Detect, Respond and Recover, together with a methodology for assessing and managing those outcomes. Originally aimed at operators of critical infrastructure, it is now used by a wide range of businesses and organisations, and helps shift organisations towards proactive risk management.


Cyber Insurance

A cyber insurance policy, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), is designed to help an organisation manage its risk exposure by offsetting the costs of recovery after a cyber security breach or similar event.

However, policies are not standardised: terms vary widely from insurer to insurer and from policy to policy. Businesses need to understand their own risks, the scope of each policy, whether they are already covered under a pre-existing policy, and, where applicable, the role of their managed service provider.


RACGP Standards for General Practice Accreditation

The RACGP Computer and Information Security Standard (CISS) describes the professional and legal obligations of general practices for computer and information security.

All security controls defined in the CISS are mandatory and must therefore be met for accreditation. The CISS requires the implementation of security measures that protect patient information held in, and transmitted by, electronic health record systems.


ISO 27799 Health informatics — Information Security Management in Health Using ISO 27002

The ISO 27799 international standard provides guidance to healthcare organisations (and other custodians of personal health information) on how best to protect the confidentiality, integrity and availability of personal health information by implementing ISO 27002. Specifically, it addresses the particular information security management needs of the health sector and its unique operating environments.


Third Party and Supply Chain Risk Management

Coming soon!


eHealth Information Security Assessment Catalogue

Our privacy and security assurance experts have a deep understanding of recognised industry best practice and of the leading practices advocated by professional and government bodies.

Our assessment services cover not only technical configurations but also business processes and staff practices, both of which play a crucial part in the effective implementation of any privacy, security and compliance program.

We will work with you to determine the appropriate mix of assessments to meet the business needs:

Level 1

Preliminary Engagement

A preliminary engagement is designed for organisations that have not yet undertaken a full assessment.

The purpose of the preliminary engagement is to give our professionals a complete understanding of the business environment and to identify any specific requirements, including:

  • External and internal requirements relevant to the business that affect the operation of its information management systems
  • Requirements of related parties, including legal and regulatory requirements and contractual obligations
  • Interfaces and dependencies between activities performed by the business and those performed by other organisations

Level 2

Assessment Survey Service

The assessment survey evaluates your current practices, policies, processes and IT infrastructure against the specified standards and guidelines (industry best practice). It can be undertaken without the overhead of extensive document collection and report preparation.

This service is recommended for organisations that want visibility of the vulnerabilities in their existing processes and technologies while minimising the impact on business activities.

Deliverables: Upon completion of the assignment, eHealth ISPS will provide:
  • A Readiness Survey report, which includes:
    • An executive summary for senior management
    • A detailed explanation of findings
    • A compliance maturity measurement
    • A prioritised list of practical and effective strategies and options to manage the risks and address opportunities
  • A formal presentation of findings

Level 3

(Readiness) Assessment Service

A (readiness) assessment is a detailed evaluation of your current practices, policies, processes and IT infrastructure against the designated standard and guidelines.

Our assessment services identify the compliance requirements that apply to the organisation, its business associates and its service providers. We then scope the tasks required to remediate any deficiencies.

The assessment includes audits and interviews with key staff to determine the organisation’s adherence to its existing policies and to industry best practice. It covers a review of:

  • Policies and procedures, including supporting documentation
  • Third party policy and management processes
  • System and application configuration
  • Physical security

Industry-standard auditing tools may be used to help assess the state of the IT infrastructure, in particular to identify network, system and application vulnerabilities.

Compliance Certification Services

Our Compliance Certification Service manages the compliance process in conjunction with your team. This may include completing a self-assessment, or coordinating the activities and acting as your advocate to resolve questions from the auditing personnel. Our range of services includes:

  • Verification of compliance against the designated standards and guidelines
  • Testing and validation of controls (indicators, requirements etc.)
  • Preparation of formal reports or questionnaires
  • Packaging and submission of any related documentation as appropriate
  • Acting as your advocate to resolve any questions from auditing personnel

Custom Assessment Service

The Custom Assessment Service is a flexible assessment individually tailored to address specific areas. The custom information security services we can provide include:

  • Compliance Management
  • Identity and Access Governance
  • Information Management Maturity Measurement
  • Data Loss Prevention
  • External Service Provider Agreements
  • Security and Privacy Policies and Procedures
  • Security and Privacy Incident Response and Breach Plans
  • Employee Awareness and Education
  • Physical and environmental security
  • Business Continuity Management
  • PCI DSS Gap Analysis and Compliance Audit

Deliverables: Upon completion of the assignment, eHealth ISPS will provide:
  • A Readiness Assessment report, which includes:
    • An executive summary for senior management
    • A detailed explanation of findings, including the supporting audit evidence
    • A prioritised list of practical and effective recommendations to bring processes and controls into compliance with the specified standard
    • A compliance maturity measurement
  • A remediation plan and roadmap that includes timelines and projected resources
  • A formal presentation of findings

CONTACT US TODAY and see how we can help you.

Telephone: +61 490 325 487 | Email: contact@ehealthsecurityprivacy.com.au | Privacy Policy
© 2018 eHealth Information Security and Privacy Services (ISPS)