SSAE 18 Audits | System and Organization Controls (SOC)

Previously SSAE-16

  • Email
  • Home
  • SSAE-18
    • Find a SSAE-18 Provider
    • SSAE-18 vs SSAE-16
    • SSAE No. 18 Clarity
  • Readiness Assessments
  • SOC Reports
    • SOC 1 Reports
    • SOC 2 Reports
    • SOC 2+
      • SOC for Cybersecurity
      • SOC 2+ for HITRUST
      • SOC 2+ for CSA STAR Security
    • SOC 3 Reports
  • Find a SSAE-18 Provider
Home ssae-18 SOC 2+ for HITRUST
SOC 2+ for HITRUST

May 19, 2017 By admin

SOC 2+ for HITRUST

Recently the AICPA announced SOC 2+ for HITRUST which includes the following:

  • This SOC 2+ framework is driven from Healthcare and protection of Personal Health Information (PHI)
  • Impacts industries that are Business Associates (BAs) to covered entities
  • Can be done as a SOC 2 + HITRUST Report or a HITRUST CSF Certification

Additional Criteria based on HITRUST Common Security Framework (CSF) Version 7 include:

  • Clear Desk and Clear Screen Policy
  • Remote Diagnostic and Config Port Protection
  • Network Connection Control
  • Mobile Computing and Communications
  • Teleworking
  • Contact with Authorities
  • Contact with Special Interest Groups
  • Addressing Security When Dealing with Customers
  • Addressing Security in Third‑party Agreements
  • Identification of Applicable Legislation
  • Intellectual Property Rights
  • Regulation of Cryptographic Controls
  • Inventory of Assets
  • Ownership of Assets
  • Acceptable Use of Assets
  • Cabling Security
  • Outsourced Software Development
  • Control of Technical Vulnerabilities
  • Including InfoSec in the BC Management Process

Filed Under: ssae-18

Search

Questions?

Email us at info@ssae-18.com for any questions.

Find a SSAE-18 Provider

 

© Copyright 2017 SSAE-18.org · All Rights Reserved ·