Comply with the Security Requirements of HIPAA or SOX

Compliance and security are two languages; you need to be able to translate them.

  • Many organizations need to adhere to various compliance obligations through the implementation of specific security controls.
  • Regulatory compliance can have daunting requirements that are often extremely long and complex to understand for the average security manager.
  • There is a need for proper identification and assessment of compliance obligations.

Our Advice

Critical Insight

  • Meeting compliance requirements will never be simple or short; focus on clarity.
  • There’s no memory test when meeting compliance. It is okay if you end up with a huge list of requirements and actions to meet those requirements as long as you can understand them.
  • Compliance isn’t about checking items off a list – it can be dynamic and your security controls have to be able to reflect that.
  • If you bring your auditor a checklist of your compliance requirements today, you are going to have to go back to the drawing board. Meeting requirements needs full visibility into each control and how it is met.

Impact and Result

  • Translate compliance requirements into actual actions you can carry out. Turn ambiguous and often open-ended statements into clear and understandable security initiatives.
  • Save yourself the headache and time of deciding what you have to do to meet your compliance requirements by having an easy-to-understand method for meeting requirements.
  • Document your controls in a simple format so you are prepared for the impending audit.

Comply with the Security Requirements of HIPAA or SOX Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out how to plan to meet the security parts of HIPAA or SOX, review Info-Tech’s methodology, and understand the three ways we can support you in completing this project.

2. Perform a gap analysis

Determine the target state and perform a gap analysis.


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

Client: The Bank of Tampa
Experience: Guided Implementation
Impact: 8/10
$ Saved: N/A
Days Saved: 2


Workshop: Comply with the Security Requirements of HIPAA or SOX

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Make the Case and Assess Your Compliance Current State

The Purpose

  • Identify and document your regulatory compliance obligations.
  • Make the case for a compliance management program.
  • Gain executive buy-in to ensure that you have your compliance program championed.
  • Review your current state for meeting HIPAA and SOX compliance.

Key Benefits Achieved

  • Identification of the compliance obligations that the organization faces.
  • Executive support for compliance management.
  • Understanding of the current state of compliance in relation to HIPAA and/or SOX.

Activities and Outputs

  • 1.1 Identify and document regulatory compliance obligations. Output: Completed Compliance Business Case
  • 1.2 Gain an executive champion. Output: Identified executive champion
  • 1.3 Perform a current compliance state assessment. Output: Determined current state of compliance

Module 2: Determine Your Target State and Perform a Gap Analysis

The Purpose

  • Assess organizational friction to compliance.
  • Determine desired future state of compliance.
  • Identify gaps and initiatives to achieve regulatory compliance.
  • Group similar initiatives and align them under the security framework.

Key Benefits Achieved

  • Recognized any organizational barriers to compliance.
  • Determined the target state of compliance.
  • Identified the necessary gap initiatives.
  • Grouped similar security projects that are closely aligned.

Activities and Outputs

  • 2.1 Assess organizational barriers to compliance. Output: Identified organizational barriers
  • 2.2 Identify gap initiatives. Output: Actionable initiatives to reach compliance

Module 3: Build a Compliance Roadmap

The Purpose

  • Prioritize the implementation of the initiatives.
  • Identify dependencies of the initiatives.
  • Determine the phases of the initiatives.
  • Create a review process and a metrics program.

Key Benefits Achieved

  • Prioritized list of initiatives.
  • Defined compliance roadmap for the gap initiatives.
  • Realized ability to track and review the overall compliance program.

Activities and Outputs

  • 3.1 Prioritize the initiative implementation. Output: Prioritized initiatives
  • 3.2 Determine the phases of the initiatives. Output: Roadmap of the initiatives
  • 3.3 Develop a review process. Output: Review process for compliance

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 3-phase advisory process. You'll receive 9 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Assess current state
  • Call 1: Define scope and boundaries.
  • Call 2: Perform a current state assessment.
  • Call 3: Review current state assessment.

Guided Implementation 2: Perform a gap analysis
  • Call 1: Determine desired future state of compliance.
  • Call 2: Identify gaps and initiatives to bridge the gaps.
  • Call 3: Group similar initiatives and align under the security framework.

Guided Implementation 3: Build a roadmap
  • Call 1: Prioritize initiatives and build an effort map.
  • Call 2: Build the compliance roadmap.
  • Call 3: Develop a review and metrics program.

Authors

Wesley McPherson

Filipe De Souza

Contributors

  • Andre Da Silva, Manager of Business Security, nbn Australia
  • Darren Sitter, IT Security & Compliance Manager, Maverick Inc.
  • Louis Lerman, IT Officer (Information Security), International Monetary Fund
  • Wayne Chung, Manager – IT Governance, Eosensa
  • One additional professional contributed information that assisted with the development of this blueprint.

Search Code: 76714
Last Revised: March 23, 2016
