What Can We Do For You?
Our professional services provide privacy and security consulting that enables organizations to protect their information technology infrastructure and their customers'/clients' information. We have the expertise in the information privacy and security domains to help protect clients' information systems and to ensure they comply with applicable privacy laws and regulations.
Looking for a consultation to better determine your needs? Contact Us
Our Professional Services
Privacy Impact Assessment (PIA)
A PIA is a process that helps to determine whether new or existing changes to technologies, information systems, and proposed programs or policies meet basic privacy requirements. The PIA helps to ensure that:
- Senior executives have access to the information they need to make fully informed policy, system design and/or procurement decisions
- Accountability for privacy issues is clearly incorporated into the roles and responsibilities of project managers and sponsors
- The protection of privacy is included in the core criteria for business or I&IT projects and for related project activities
- Remedial steps necessary to improve privacy protection in pre-existing programs or systems are identified and implemented
Security Threat and Risk Assessment (TRA)
A TRA is the process of identifying and mitigating threats and risks to the confidentiality, integrity and/or availability of information.
Privacy and Security Architecture
Privacy Horizon’s privacy and security architecture design methodology will assist your organization in developing a conceptual, logical and technical privacy and security architecture which is feasible, cost-effective, and meets the organization’s privacy needs and requirements.
The Gap Analysis provides a snapshot of the state of the organization's information privacy and security program at a given point in time.
Privacy and Security Policy Framework
A privacy and security policy framework provides the foundation for the health organization’s privacy and security program.
There are 3 categories of privacy policies that should be developed for a health care organization:
- Operational Privacy Policies — These policies provide details to enable employees to conduct their day-to-day jobs in a privacy-sensitive manner.
The purpose of the Security Policy is to define the safeguards (automated or manual processes) that prevent exploitation of the vulnerabilities of information systems and maintain the three characteristics of the information systems.
Security Testing Services
Security testing evaluates an organization’s ability to protect its networks, applications, endpoints and users from external or internal attempts to circumvent its security controls to gain unauthorized or privileged access to protected assets.
Privacy Pre-Audit Assessment
Once all privacy and security risk mitigation measures have been implemented, an audit needs to be conducted at a predefined period to ensure safeguards and measures are implemented in accordance with applicable privacy legislation.
Incident Management Program
Organizations are required to establish protocols to prevent, detect, contain and respond to privacy and security incidents. The PHI Incident Management Program includes:
- Incident Management Policy
- Incident Management Training
- Processes and procedures for handling incidents/breaches
- “Table-top” exercise for individuals accountable for incident management
Privacy Cloud Readiness Assessment
Assist clients in determining a Cloud Vendor's privacy readiness to provide services that host Personal Health Information, or provide guidance to help a Cloud Vendor ensure privacy controls are in place to manage Personal Health Information.