Will you be left holding the bag?

Introduction

Where data security decision making is concerned, the PCI DSS and HIPAA regulatory requirements are more striking for what they leave unsaid than for what they say. They do tell you what an auditor would look for in determining the level of your systems’ data security. However, the security checklists don’t enable you to figure out your actual level of security yourself, leaving you to guess whether your pre-audit documentation supports the claims you submit.

But somebody other than you has to be able to determine your level of data security – and if you’re audited, somebody will. The purpose of this article is to help you document and quantify what you’re thinking about prior to an encounter with an auditor, so that you and the auditor can reach a similar conclusion about your actual levels of security.
