Explore a cost-effective approach to achieving HITRUST certification in this 50-minute conference talk from BSidesSF 2022. Learn how Ginger successfully obtained HITRUST certification in less than $100K and 11 months, significantly reducing the average cost and time typically associated with the process. Discover strategies for performing gap assessments and remediation in-house, integrating HITRUST into your Information Security Program, and implementing organization-wide security awareness initiatives. Gain insights on leveraging inheritance controls, incorporating technical controls in SDLC, and utilizing SaaS management tools. Understand the importance of proper documentation, scope definition, and electronic approval processes. Benefit from practical tips on getting team members HITRUST CCSEP certified and streamlining the certification journey for healthcare organizations seeking this prestigious accreditation.
Overview
Syllabus
Intro
About me
Goals
Assumptions
Why HITRUST? - Multiple authoritative sources
Ginger HITRUST Journey
Ginger HITRUST Metrics (1/2)
Breakdown
Perform the gap assessment and remediation yourself
Gap Remediation
Make HITRUST part of your Information Security Program
Initiate an organization-wide Security Awareness Program
Get at least one team member HITRUST CCSEP certified
Identify the inheritance controls
Include technical controls in SDLC
Implement a SaaS Management tool
Electronically approve documentation
Start with the relevant scope
Document everything!
Summary
Taught by
Security BSides San Francisco
