Compliance: When You Need to See Everything from 10K Up

At Triton Technologies we have been doing PCI, HIPAA compliance, SOX and more for years. Most of the time it is pretty straight forward and easy to implement the solutions. This one project was going on nearly a year. Wait, what? Yup, a year to bring them into compliance with HIPAA and data protection laws.

Ending the Remediation Cycle with HIPAA

Basically what happened is every week we got a report on what we needed to do to correct potential security issues, address them and wait for the remediation to come back. Time and time again it was the same issues, similar issues or something out of left field. Weeks after weeks, month after month, from the trivial to the hash sequence to the HTTPS certificate registrar, it was becoming monotonous. As one team would shift, another would come on board and eventually it would all start again.

The Importance of Good Communication

Three months ago we put our foot down. ENOUGH. We need to talk directly to the technicians requesting this and ask them some direct questions, which we were given. The first 10 minutes of this conversation were extremely productive, where we could ask the direct question like:

• What are you looking for?
• How are you looking for us to protect it?
• And the all-important: Why?

We came to find out they made A LOT of assumptions, none of them right. After 2 weeks of giving them reports that would give them the data they would need they certified our client. Sometimes it just requires getting in touch with the right people and resolving the issues directly. Does your IT support ask (and answer) questions when they hit walls? If you’re having issues reaching your compliance, contact Triton Technologies, and we’ll help get you there.