Information and Cyber Security Services for local governments and behavioral health

 

 

We help you secure all your information.

Information Security and Cybersecurity for executives and managers

Information security isn't just for IT people. In fact, if you've outsourced or delegated your security to IT, you might be in trouble. 

The conventional wisdom in many organizations is that the information technology staff should be responsible and accountable for information and cybersecurity. This theory is not supported by any standards, frameworks, or best practices for information security.

Boards, executives, and directors have critical roles in defining and overseeing an organization's security posture. Moreover, in a complex organization such as a county or city government, information security should be governed by a multidisciplinary body because the compliance aspects are complex and differ by department. The many moving parts in a comprehensive cybersecurity program are too complex to be delegated to information technology staff or contractors. A truly comprehensive approach to your cybersecurity requirements requires the collective intelligence of a broad cross-section of your staff.

Security Policy

Identifying whether or not your organization has an acceptable, baseline information security program is pretty simple. At a minimum you should have the following five components in place: 

  1. Comprehensive Security Policy. In a county government or behavioral health organization, this document is probably 25 pages or more and has at least 40 policies, but probably many more.
  2. Acceptable Use Policy. This document describes standards for using company-owned resources, ownership, reporting requirements, etc. but may also address the use of social media, work-at-home policies, and a great deal more.
  3. Risk Assessment Report. Risk assessments are a requirement. All behavioral health organizations and most county governments fall under the category of a Covered Entity (CE), so if you are a CE and don't have a risk assessment report, you aren't compliant with HIPAA. HIPAA compliance notwithstanding, every framework or standard for information security requires periodic risk assessments. If you don't have a risk report, you probably don't have a very good security program. 
  4. Documentation. Extensive documentation proving compliance with your organization's security policy should be readily available at all times. Do you have evidence that backups are validated? Are logs checked? Excellent documentation is a required component of a true information security program.
  5. Management participation. Participation of directors and senior managers in an information security program is a requirement.

How we can help

We offer a full range of information security services based on well-established industry standards and frameworks. Policies and procedures are the cornerstones of a solid security program, so that is our starting point. We don't sell hardware or software and have no incentive to sell you "stuff" that may or may not provide your organization with additional protection. We do work with your staff and vendors to develop a comprehensive, layered, defense in depth approach to your information security requirements.

  • Risk assessments & audits
  • Security policy and procedure analysis and development
  • Regulatory compliance, HIPAA, 42CFR, CJIS, and others
  • Security strategy, design, and architecture

Security Policy Development Workshop

If you don't have a standards-based information security policy, we'll work with your multidisciplinary team to develop one that makes sense for your unique organizational requirements. We can perform this onsite, but we can do it much more economically through a series of four or five web workshops which will result in a comprehensive security policy, a clear set of procedures, and a clear chart of responsibility and accountability. Pricing for this varies depending on the size of the organization and your actual requirements. Contact us to get a quote for your organization.

Security Policy Checkup

We'll review your information security policy and make recommendations for improvement.

Information and Cybersecurity Services

HIPAA Security Workshop

HIPAA Security Workshop

Think you're organization is HIPAA compliant?

HIPAA Risk Workshop

Security policy checkup

Security policy checkup

We'll review your security policies and procedures for a low, fixed rate.

Security Policy Checkup

Cyber Security Report Card

Cyber Security Report Card

Get a comprehensive risk assessment for your organization.

Cybersecurity Report Card

Risk Management Services

Risk Management Services

We provide risk assessment and management services for local governments and behavioral health organizations.

Risk Management

Ready to talk?

Enter your contact information and we'll be in touch shortly.

Or, call (607) 731-4097

e-mail: jmorgan@e-volvellc.com

e-volve Enterprise Management Services
519 Blakeslee Road
Milan, PA  18831

Call (607) 731-4097