Planning, Control Selection, Implementation, and Auditing
Personally Identifiable Information (PII) and Personal Health Information (PHI) are two types of information that, if accidentally released or stolen, can have very negative impacts on a business. Notwithstanding the angry client and any legal action they may bring, there is a loss of public confidence when the information becomes public. This service offering is aimed at organizations that want to ensure they are protecting client information at least to the degree required in HIPAA, GLBA, etc. YottaByte Security can support organizations with direct compliance requirements, such as FISMA, SOX, etc.
Phase 1 - Assessment. The assessment phase is always the most difficult and time-intensive phase. The first step is to discuss the types of information you have, any requirements your organization may be bound to, or the degree of protection you’d like to have for your client data. In the second part of this phase, we inventory your data. If you don’t know where your data is, you cannot protect it.
Phase 2 - Planning. Once we have requirements, and we know where your private data is, we can protect it. In this phase, we talk about best practices and make decisions regarding the types of controls you want to put in place to protect the data. YottaByte Security begins this phase with a written analysis and cost proposal based on the discussion we had in Phase 1.
Phase 3 - Action. Execution of the plan developed in Phase 2. YottaByte Security can perform the activities, assist your staff, or lead them in the action phase.