SOC 2 ATTESTATION AND INFORMATION SECURITY AT FAIRWARNING

FairWarning continues to invest in information security technologies, procedures and training as well as associated governance. For our United States customer operations, this means assessments and governance for HIPAA, and for our international operations we do the same for a range of security and privacy standards.

In August, FairWarning will kick off our SOC 2 Type 1 Attestation. This comes after two years of continual information security technology investments and procedural improvements. A few are outlined below:

Governance and Information Security Team and Meetings
For nearly two years I have participated in our weekly governance and information security meetings to demonstrate the highest level of executive support for these initiatives. This also provides clear visibility on requirements for budgetary and organizational support. This commitment has generated strong, lasting momentum for information security at FairWarning.

Secure Devices: Two Factor Authentication
Two Factor Authentication is the latest technology implemented to further our information security systems. Every team member must now present two authentication factors to gain access to their computer devices and to customer data. We believe this helps establish a strong defense against the misuse of team members' devices and is a deterrent for bad actors.

Laptops and Portable Media
All of our laptops have encryption installed at the time they go into use at FairWarning. Further, we have disabled portable media on every laptop, and this restriction can be circumvented only by a special change process.

Secure Monitoring: Point-to-point Virtual Private Network
We use a secure point-to-point VPN to remotely monitor and support customer deployments. This allows our service teams not only to secure and encrypt transmission of data, but also to proactively monitor the status of system jobs like file delivery, file parsing and backups, as well as whether a system is online. Our goal is to find problems and fix them before customers do, without jeopardizing the security of your data, and to execute these operations with the utmost security.

Secure E-mail Communication: Transport Layer Security
TLS offers customers the assurance of more secure transmission of email between organizations. Utilizing this communication technology reduces the chance of outside parties tampering with any sensitive messages or data. We have implemented this with our customers and have required it for new implementations. We have also implemented a secure email system for non-customer communications or for those few customers who do not support TLS.

Educating Team Members
Team members are aware of the important role they play in security. They are the front line of defense when it comes to security. We conduct extensive security awareness training to ensure our team members are vigilant and help us minimize human error. We also have policies and training on anti-corruption practices.

We all know there is no “perfect security posture,” so we strive to relentlessly improve and to drive information security and governance into FairWarning’s culture.

2017-06-20T15:25:51+00:00

About the Author:

Kurt is the Founder of FairWarning® and has been involved in patient privacy monitoring deployments with healthcare customers representing over 7,000 healthcare facilities & exchanges. Articles and work produced by Kurt have been published dozens of times in major information security & compliance publications, and he is frequently asked to testify or brief federal government officials on healthcare privacy. Kurt is a U.S. patent holder and has been involved in an advisory or founding role of several market-leading information security companies. Kurt holds a Master’s degree in Theoretical Mathematics from the University of South Florida. Kurt is also a champion for entrepreneurship with high school students and is the Co-founder of Next Generation Entrepreneurs with the Pinellas Education Foundation.