The HIPAA Privacy Rule covers the use and disclosure of privileged information as well as ensuring that information is accurate and available to the individual. It’s boilerplate stuff as far as privacy regulations go, ensuring that information is accessible only to people with a need to know and that only the minimum information necessary is released. The Security Rule is more interesting and lays out the three forms of security safeguards that should be in place in order to comply with the standard: physical, technical and administrative.
Physical safeguards include:
- Access to equipment containing health information should be controlled and monitored.
- Access controls must include facility security plans, maintenance records, and visitor sign-in and escorts.
- Access to hardware and software must be limited to properly authorized individuals.
- Third parties (such as contractors) must be fully trained on their physical access responsibilities.
- Workstations should not be present in high-traffic areas and monitor screens should not be visible to the public.
Technical safeguards include:
What is Vendor Management Risk?
Vendor management risk is the risk that the service provider will not perform the contract terms and conditions as specified, causing undesirable consequences for the institution’s operations.
Before entering into contracts with a vendor or third-party service provider, management should assess and review the following factors:
- Alternate vendors and related costs.
- Financial stability of the vendor.
- Capacity of vendor to stay current with industry developments.
- Requirements for contract termination.
- Contract provisions allowing examination of the vendor.
Sample templates for an IT Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP) Service Level Agreement. This worksheet should at least cover:
1. The availability level: Continuous/High/General/Limited
2. Planned Downtime:
- < 4 Hrs/Mo or 24 Hrs/Yr
- < 8 Hrs/Mo or 48 Hrs/Yr
- < 12 Hrs/Mo or 80 Hrs/Yr
- Intermittent throughout the year
3. Advance Notice
4. Unscheduled Downtime:
What is PRMIA?
PRMIA (Professional Risk Managers' International Association) is a non-profit professional association of risk professionals.
What is PRM Certification?
The PRM (Professional Risk Manager) Certification is the global standard for financial risk managers. The exam consists of:
Exam I: Finance Theory, Financial Instruments and Markets (30 questions)
Exam II: Mathematical Foundations of Risk Measurement (24 questions)
Exam III: Risk Management Practices (36 questions)
Exam IV: Case Studies, PRMIA Standards of Best Practice, Conduct and Ethics (30 questions)
Below are some GARP/FRM (Financial Risk Manager) Examination Frequently Asked Questions (FAQ):
What is GARP/FRM?
Global Association of Risk Professionals (GARP) is a not-for-profit association specialized in financial risk management.
What is GARP/FRM's aim?
GARP’s aim is to encourage and enhance communications between risk professionals, practitioners and regulators worldwide. Through its events, publications, website and certification examination (FRM), GARP works on expanding views and increasing recognition of the global risk management community.
Top 10 Risks of IT Outsourcing
1. Hidden Costs.
2. Cost & Effort of establishing, governing and managing the relationship.
6. Loss of Control over IT direction.
Download Free Information Security Management System Risk Assessment Template
The method of information security risk assessment applied throughout [organisation name] in respect of [all/information] risks is [method name].
The [Responsible Manager] is responsible for undertaking risk assessments wherever they are required by [organisation name].
Download Free Operational Risk Management Presentation Templates
Operational Risk Objectives:
- Establish a common risk language across the organization
- Define the organization’s risk tolerance
- Foster a climate where risks are identified and openly discussed by all departments and employees
- Inform senior management and Board about Operational Risk across the enterprise
Download Free IT Standard Operation Procedure Templates
- Quality Records
Download Free Business Continuity Plan - Business Impact Analysis Form
What is the level of Criticality to the Business Process?
- Highly Critical Function / Provides New Functionality / Demands Attention
- Enhances Business Process / Address in Timely Fashion
- Routine Function / Neutral Impact on Business