Many of our customers periodically need an information security expert for assistance with answering questions, conducting remediation activities, and creating and/or providing information security documentation. However, the organization may not be able to justify the expense of hiring a full-time certified security professional. Also, there is high demand for cybersecurity talent that holds Certified IT Security Professional (CISSP) credentials, and that demand is outstripping supply.
Programs Tailored to your Security Goals and Budget
Our goal is to provide a reasonable, practical approach to information security, adhering to the highest ethical standards of behavior - the code of ethics for a CISSP, which includes acting honorably, honestly, justly, responsibly, and legally.
Our information security support services are tailored for our customers and designed to work within their budget. We have been supporting information security programs since 2003, and for over ten years, our team of consultants has been working behind the scenes, providing continual or recurring information security support that allows our customers' staff time to focus on the daily operational issues that only they can address.
How we're Different
In contrast to healthcare information technology firms that only provide assessments, tw-Security is engaged with multiple healthcare customers to help maintain a compliant information security program through continual or recurring support and advisory services. Drawing on our hands-on experience and lessons learned, we help our customers develop their HIPAA compliance programs by providing a reasonable, practical approach to cybersecurity in healthcare using methodologies and tools that have been honed over 13 years!
Our Information Security Support Models
Virtual Information Security Officer (VISO) – Aimed at maintaining or advancing the information security program with an emphasis on compliance risk management. Primarily provided remotely, this support model allows responsive access to experienced certified professionals who are familiar with your program and organization when needed. This managed support service has a minimum commitment of hours per month.
Information Security Staff Augmentation – Working in a staff augmentation capacity, responsibilities are mutually agreed upon and defined in a Statement of Work. Generally, a commitment of 40 hours or more per month is required. Services are provided remotely with planned onsite visits.
Project-based – Defined scope with clear start/finish and tasks/deliverables, usually involving a level of effort of 20 hours or more.
On Demand – Designed to quickly respond to small requests and typically used for one-time support issues or to provide help as needed.
How our Programs can Help your Organization
- Serving as interim Information Security Officer or expanding the existing information security staff
- Supporting regulatory compliance efforts, including the HIPAA Security Rule, the Health Information Technology for Economic and Clinical Health Act (HITECH Act), Meaningful Use, the Omnibus Rule, and the Payment Card Industry Data Security Standard (PCI DSS)
- Participating in periodic meetings to review accomplishments, planned activities, and any outstanding issues or concerns regarding information security compliance efforts
- Updating or creating information security documentation as needed
- Maintaining information security risk analysis documentation and risk management efforts
- Offering recommendations for information security controls (products or tools)
- Supporting information security incident and breach response, including developing 'playbooks' and 'flowcharts'
- Conducting a business impact analysis
- Helping create a disaster recovery plan
- Creating monthly security reminders - short awareness messages that can be included in an employee newsletter or sent as a broadcast email message
- Providing 'hot topic' briefings targeted for specific audiences, including Board of Director updates