Bursting at the Seams: Security Audit Response Overload
Published On November 19, 2019
Blog Post by Brian Selfridge, Meditology Services IT Risk Management Partner
Every pipeline has a capacity limit. Problems begin when the flow is clogged or overwhelmed: first a small leak, then a rupture that puts the whole pipeline in jeopardy. Only here it is not fluid that threatens to drown us but the ever-increasing volume of healthcare security audits. How can businesses meet the security demands of healthcare clients and provide meaningful, timely responses to their security audit questionnaires?
We interviewed CISOs at business service providers to healthcare entities to hear how they manage the increased demand for security audits while continuing to win and retain healthcare clients.
Here is what we learned is needed to communicate effectively and on time in response to security audits:
- Streamlined responses to repetitive security questions, which are often addressed through certification against an industry security framework such as SOC 2, NIST, ISO or HITRUST.
- Ready access to supporting documentation, including a database of audit responses to commonly asked questions.
- Monitoring of changes in security posture caused by system changes, upgrades, new equipment or services, or merged organizations, with documentation updated accordingly.
- An efficient process for turning around security audit responses within 15 days, leveraging third-party support where needed.
We hear from many businesses serving healthcare clients that it takes the work of one full-time employee just to keep up with all the security requests, and many times the same questions are asked over and over again.
A managed service provider can help vendors and healthcare organizations reduce the excessive use of security audit questionnaires while still providing assurance that security requirements and protocols are met across the vendor network. Streamlining work processes for over-burdened information security teams lets them focus on systems performance and other high-value data security activities rather than on completing repetitive security audit forms.
Unclog your security audit response process and recover resources and costs by aligning with standardized security frameworks, maintaining centralized answers to commonly asked questions, and allocating dedicated staff or third-party managed security response services.