vCISO

Regardless of regulatory vigilance in your business or company, the absence of a CISO puts too much at risk, especially in today’s cybersecurity landscape. Cyberattacks have increased dramatically in the last few years, affecting both large and small organizations. As the attacks become more sophisticated, it is inevitable that all organizations will be hit by one in the near future.

Small and medium businesses (SMB) and non-profits are not immune to these threats. Over 60% of SMB have had some form of threat and many negatively impacted either by costs or lost business. Many companies now realize that protecting their information, assets and business in this changing landscape will require risk-based, executive-level expertise, management and ownership that goes beyond their IT department.

Speak to an Expert

data-loss-prevention-dlp

6 Components of a vCISO

Guardian, Strategist, Avisor and Technologist combined

Virtual CISOs

A virtual CISO, or vCISO, can enable organizations that don't have the resources or expertise in-house to run a comprehensive and ongoing leadership program.

As both a technical expert and a senior leader, a vCISO can use their skills and experience to create a full program that takes care of technology, processes, and people. You can have these advantages at the tip of your fingers without having to pay the exorbitant prices of a full-time job, which may be hard to find or too expensive.

A virtual CISO provides a flexible approach that can change from month to month as needs and priorities change. With a model based on a monthly retainer, a vCISO can be short-term or long-term and can work on both an operational and strategic level. This makes it possible for organizations of any size to get expert help at a price that fits within their budget.

Why a vCISO?

Cybersecurity is a risk issue, not a technology problem. Companies need to be able to have human resources capable of aligning security strategy with the core mission of the organization.

This is where a vCISO can help. A virtual CISO can help organizations that do not have the resources or in house expertise an ongoing leadership and comprehensive program. As a technical expert and senior leader in one, a vCISO can leverage their experience and skills to develop a comprehensive program that handles technology, process and people. They can also do it without the high costs of a full-time role that might be cost prohibitive or hard to find.

A virtual CISO offers a scalable approach that can vary month to month as the needs and priorities change. Working at both an operational and strategic level, and with a model built on a monthly retainer, a vCISO can be short or long term, enabling expertise to be available for all sizes or organizations at a cost that are manageable within any budget.

Greater Security & Lower Costs

Organizations of Every Size Can Benefit From a vCISO

Get immediate access to a virtual CISO and a team of experts who can hit the ground running and guide your organization through strategic initiatives.

What Can Our vCISO Expertise Bring to The Table?

Accorian's vCISO provides expert guidance for both tactical and strategic initiatives. Get the same 360-degree cybersecurity coverage as a full-time, onsite CISO — at a fraction of the cost.

Even the most seasoned CISOs may benefit from professional advising services to manage stakeholder expectations, various security programs, regulatory requirements, and the evolution of cybersecurity technology. By using our vCISO services, you are not just employing a single security professional, but a team of Security Advisory specialists.

Every organization, regardless of their scale and size, can benefit from a vCISO. With Accorian, you can obtain rapid access to a virtual CISO and a team of specialists that are able to help your company through strategic objectives.

The vCISO from Accorian delivers professional counsel for both tactical and strategic endeavors.

You can also tailor your vCISO plan depending on the hours of service you receive.

Accorian’s vCISO program provides a complete array of services, all of which are included in the monthly subscription. These include:

01

Vulnerability Management

Penetration testing, static code analysis, analysis of dynamic web applications.

02

Audit and Compliance

Monthly phishing simulations, security awareness training, audit prep

03

Risk Management

Ongoing assessment and tabletop exercises.

04

Establishing Security Guidelines

Ongoing policy, procedure and control development.

How Our vCISOs Can Help Businesses

Provide an economic option for many budget-sensitive businesses
Allow a business to sign short-term contracts during a crisis
Gauge your system's ability to manage threats, create security programs, and scan
for vulnerabilities
Supplement an investigation and prevents further loss of valuable resources
Help you avoid extremely costly non-compliance penalties
Act on behalf of your company, completing necessary reports, managing insurance disputes, and advocating for the maximum benefits from your insurance provider
Educate employees on how to guard your company’s assets today and into the future

The Role of a vCISO

The responsibilities and requirements of a virtual chief information officer are similar to those of a regular CISO, only on a virtual, lower-cost basis. Hundreds of both SMBs and larger companies have realized the cost advantages, flexibility, and broader experience a vCISO provides. Cyber Security Advisory Services gives you the visibility and insight you need to improve your cyber security posture.

A vCISO's Responsibilities

01

Rationalizing Cybersecurity Activities

Ensure that all initiatives align with privacy compliance, risk management, and business strategy goals as a whole.

02

Access Management

Ensure that only authorized users have access to sensitive data and systems.

03

Policies & Processes

Creation of policies, procedures, process flows, and supporting documentation

04

Governance & Compliance

Ensure your information security activities comply with all applicable regulatory frameworks.

05

Decrease Risk

Identify and prioritize security efforts to reduce risk efficiently and affordably.

07

Gap Fillers

Fills security gaps where enterprises need it most by concentrating on cybersecurity strategy and execution, while internal teams stay committed to their core skills.

06

Multi-Industry Expertise

Expertise in numerous sectors due to exposure to multiple customers, as opposed to CISOs that operate in isolated verticals.

08

Independent of Internal Politics

vCISOs are not influenced by personal career objectives or internal politics. They function as a neutral third party with the objective of ensuring that customers make the best security choices for their organization.

This presents an edge to expanding firms who are unsure if a full-time CISO is necessary. Through the vCISO, the customer receives access to a whole team of specialists for a fraction of the expense of a single on-site CISO.

Resources

Article

CHOOSING THE RIGHT FIRM FOR YOUR PENETRATION TESTING SERVICES

Written by Premal Parikh Numerous security firms perform penetration testing and red teaming. However, determining the security firm suitable for your organization is difficult. So how do you select the right firm for your Pentesting services? One must consider factors such as the firm's experience, methodology, and cost-effectiveness while making the right choice. Security threats are increasing at an alarming rate in today's dynamic digital world. The year 2022 saw nearly 236.7 million ransomware attacks worldwide. With organizations being more vulnerable to cyberattacks, businesses of all sizes should conduct penetration testing and regularly improve their security. Furthermore, it is critical to recognize that lack of vulnerabilities discovered during penetration testing can indicate one of two things: Either there are no vulnerabilities in the application/network being tested; or Your testing team has failed to identify existing vulnerabilities. Unfortunately, if it's the latter, you'll usually find out when the vulnerability is exposed in a breach or when your client conducts their testing and discovers the problem. Key Factors to Consider When Hiring a Security Testing Firm 1. Certifications When choosing a penetration testing firm, it is critical to consider the testing team's certifications, such as CEH (Certified Ethical hacker), OSCP (Offensive Security Certified Professional), and other relevant qualifications. However, evaluating the company's credentials to ensure competence is equally important. Surprisingly, only a few companies have obtained the two important credentials, PCI ASV & CREST, which necessitate rigorous assessments and process reviews to demonstrate their competence to the councils. These credentials demonstrate that the company meets the established high standards, and it ensures that only the best of firms are chosen. PCI ASV PCI (Payment Card Industry) has a credit card connotation, but to become an ASV (Approved Scanning Vendor), a company must undergo an intensive test in which an environment is set up. The company must find and report vulnerabilities in that environment to the PCI council. The environment is designed to mimic a real-world production environment, and the report generated could easily be several hundred pages long. Many significant investment and financial services firms have mandated that their vendors be tested by a PCI ASV, even if there are no credit cards in the environment, to differentiate the firm's quality. CREST CREST is a European-based certification that verifies that the testing team follows consistent processes and tools (among other things) across their team and that it is not up to the individual tester to 'figure it out.' It seeks to transform testing from an art to a science wherever possible. 2. Scalability Is your security company available when you need them? Do they have a large enough team to respond quickly if you need something tested? Do they have experience in various environments? On a multi-test contract (either testing multiple times a year or for multiple years), they can also frequently change the person performing the test. Although this is slightly less efficient than having the same person do it for years, it allows a different perspective on the application or network, as well as attack scenarios. As much as we try to make testing a science, there is also an element of art to it. 3. Delivery Process and Platform The delivery process and platform are crucial when hiring a security testing firm. It is essential to understand how the testing results will be delivered, how the report will be accessed and secured, and whether there will be a platform for analyzing the results over time and collaborating on vulnerability fixes. Furthermore, clear communication and regular updates on the test status can aid in the delivery process. 4. FAQs to...

View More

Article

HIPAA UPDATES 2023

Written By Vigneswar Ravi & Vignesh M R The Latest on HIPAA Compliance HIPAA Compliance will be undergoing significant changes, this year in 2023, which you need to be aware of. But, let's look at its history before we get into the upcoming changes in the HIPAA Privacy Rule.The United States established HIPAA in 1996.  However, there were no set rules for gaining access to medical records till then. In fact, all the local and state governments had established their own rules and fees. HIPAA established standardized rights and responsibilities for managing and safeguarding Protected Health Information (PHI).However, changes in working practices and technological advancements over the last ten years have given rise to various issues with HIPAA. To address these concerns, the department of Health and Human Services (HHS) Office for Civil Rights (OCR) had to issue HIPAA guidelines to clarify misunderstandings about HIPAA requirements rather than make rule changes. The major HIPAA update was enacted a decade ago, and changes to HIPAA Rules are now required. The latest response was due earlier this year but has been postponed until March 2023. Proposed HIPAA Updates to the Privacy Rule in 2023 PART 1Allowing patients to examine their PHI in person and take notes or photographs.Reducing the maximum time for providing PHI access from 30 days to 15 days.Restricting the rights of individuals to transfer ePHI to a third party maintained in an Electronic Health Record (EHR).Confirming that an individual has the authority to instruct a covered entity to transmit their electronically Protected Health Information (ePHI) to a personal health application upon the individual’s request.Specifying when individuals receive ePHI free of charge.Mandating that covered entities notify individuals about their entitlement to receive or authorize the transfer of their Protected Health Information (PHI) to a third party, in cases where they are provided with a summary of the PHI instead of a complete copy.Extending the authorization of the armed forces to disclose or use the PHI to all uniformed services.Adding a definition for electronic health records.Modifying the language to enhance the ability of a covered entity to disclose PHI to prevent a potential threat to health or safety in circumstances where the harm is "reasonably and significantly predictable.”Creating a pathway for individuals to direct the sharing of PHI maintained in an EHR among covered entities.Obtaining a written acknowledgment from a person for receiving a Notice of Privacy Practices will not be required by covered entities.Requiring HIPAA-covered entities to publish on their website the estimated fee schedules they charge for PHI access and disclosures.Furnishing personalized cost estimates for supplying individuals with a copy of their PHI will be required of HIPAA-covered entities.Broadening the scope of healthcare operations to include care coordination and case management.Requiring HIPAA-covered healthcare providers and health plans to respond to records requests from other covered entities when individuals exercise their HIPAA right of access.Granting authorization to covered entities to utilize and disclose certain Protected Health Information (PHI) if they genuinely believe it is in the individual’s best interest.Introducing an exemption to the minimum necessary standard for individual-level care coordination and case management purposes, irrespective of whether these actions are classified as treatment or healthcare operations.PART 2In November 2022, Office for Civil Rights (OCR) and the Substance Abuse and Mental Health Services Administration (SAMHSA) issued a Notice of Proposed Rulemaking (NPRM) which sees both Part 2 and HIPAA changes to align these regulations better.Part 2 protects patient privacy and treatment records for substance use disorder (SUD), with HIPAA governing protected health information. Since SUD records are highly sensitive, they require more safeguards and restrictions than other types of health information covered...

View More

Article

THE vCISO SUPERPOWER: A Virtual Chief Information Security Officer for your Cybersecurity Goals

Introduction There is a famous adage by Spiderman in Marvel comics, "With great power, comes great responsibility," and that’s how important a vCISO (Virtual Chief Information Security Officer) is in an organization. Today's digital transformation goes beyond automation and embraces technology for a broader range of tasks. The cybercrime epidemic is threatening, with a 15% annual growth rate. With the increased use of technological platforms, the threat of cybercrime costs organizations millions of dollars. In response to this growing threat, the global cybersecurity market is expected to grow at a compound annual growth rate of 13.4%, reaching USD 376.32 billion by 2029. (From USD 155.83 billion in 2022). With the rise of sophisticated threats and the growth of cybercrime, a Chief Information Security Officer (CISO) in senior management is required for organizations. The CISO can provide a comprehensive cybersecurity framework and requirements tailored to their business needs. However, employing a full-time CISO can be costly. Instead, a virtual CISO can be used to meet the exact needs of multiple companies. The vCISO can effectively address the organization's cybersecurity needs and collaborate with senior management to provide a cost-effective strategic cybersecurity plan. Who is a vCISO? A vCISO (Virtual Chief Information Security Officer) is an external security advisor and expert whose responsibilities vary depending on an organization’s business requirements. They are responsible for keeping critical systems and sensitive data protected from cybercriminals. They provide organizations with on-demand access to experienced security expertise, eliminating the need for a full-time employee. This provides organizations with the resources and knowledge they require to protect themselves from cyber threats without incurring the high costs associated with a full-time employee. How Can A vCISO Accelerate Your Business? 1. Making security a growth lever By bringing on a vCISO, you can ensure that your security is up to date, in compliance with regulations, and capable of enabling growth opportunities. With the vCISO in charge of security, the organization can concentrate on activities that directly contribute to business growth. 2. Assisting in ensuring that your internal security posture is excellent A vCISO can assist you in establishing a secure internal security posture and conducting security audits to identify existing vulnerabilities and potential security threats. This can aid in discovering and mitigating existing vulnerabilities, as well as the development of strategic plans for data access control, authentication, and authorization protocols. With a vCISO on board, the organization can be confident in the strength and security of its internal security posture. 3. Complying with security regulatory requirements Having a vCISO on board can also assist in complying with applicable regulatory requirements. The vCISO is familiar with many different regulatory bodies' security requirements and can ensure that the organization meets them. Furthermore, the vCISO can assist with periodic audits and assessments to ensure that the organization complies with all applicable regulations. Why Should Your Organization Hire A vCISO? ​ A vCISO can help your organization with strategic advice, roadmap creation, query resolution, board consulting, and client conversations. They can also manage programs, oversee tactical and operational tasks, as well as provide a comprehensive view of the organization's information security landscape. Furthermore, a vCISO is critical to an organization's cyber defense, assisting in the security of systems, processes, and data while aligning security with the organization's overall goals and objectives. Roles & Responsibilities Responsible for overseeing the implementation of security protocols and policies. Guide security-related topics, such as encryption, authentication, and risk management, to protect the organization against potential threats. Provide strategic advice to an organization and ensure that the organization's security practices are current. This includes identifying and recommending ways to close any...

View More

Article

WebSocket Vulnerabilities: Keep Your WebSocket Connection Safe

Written by Somya Agrawal Introduction  WebSocket is a powerful tool for sending and receiving messages over a network. It enables quick and reliable data exchange by establishing two-way communication between the server and the client. It is used in everything from online gaming to real-time data streaming. Unfortunately, WebSocket only comes with flaws. Cross-Site WebSocket Hijacking (CSWSH) is a security threat that allows malicious actors to hijack a legitimate WebSocket connection, allowing them to intercept, modify, delete, and inject data. They are also vulnerable to Denial-of-Service attacks, which can prevent legitimate users from accessing the network. WebSocket can also perform man-in-the-middle attacks, allowing attackers to modify or inject data into the network without the user’s knowledge. Here's everything you need to know about WebSocket! What is WebSocket? WebSocket allows two-way communication between a website and its server in real-time. It is a protocol that allows the client and server to transmit messages over the channel at the same time. They're used for things like chat apps and updating information on a website without having to refresh the page. The WebSocket-based connection lasts as long as either party lays it off. When one party terminates the connection, the second party can no longer communicate since the link is automatically terminated. WebSocket, like HTTP, can be either encrypted or unencrypted, as defined by the WebSocket schemes ws and wss, where ws:// is an unencrypted WebSocket, and wss:// is an encrypted WebSocket over TLS. They act as a backdoor connection between your computer and the website. Instead of waiting for the website to send you information, you can ask for it and receive it immediately, and the website can also send you information without requiring you to refresh the page. It's like a two-way phone call in which you and the website can converse simultaneously. How Does WebSocket Work? The usual WebSocket interaction between client and server consists of the following steps: What are the Common WebSocket Vulnerabilities? Improper WebSocket implementation can lead to serious vulnerabilities. Some of the most common security flaws are: 1. Cross-Site WebSocket Hijacking (CSRF with WebSockets) If the WebSocket handshake relies on HTTP cookies for the session and does not include a Cross-Site Request Forgery (CSRF) token, an attacker can write a custom script on their domain to establish a cross-site WebSocket connection to the vulnerable application. Using this attack approach, an attacker might obtain sensitive information. You can find a common script below that can be used to exploit this vulnerability: 2. Unencrypted Communications A WebSocket, like HTTP, can be encrypted or unencrypted. It utilizes the WebSocket schemes ws and wss to differentiate between the two. In particular, ws:// represents an unencrypted WebSocket, whereas wss:// represents a WebSocket encrypted with Transport Layer Security (TLS). 3. Denial of Service The server may receive an endless number of connections via WebSocket. This allows an attacker to perform a denial-of-service attack against the server, which significantly strains the server and consumes all its resources, thus delaying communication. The script below frequently crashes the WebSocket server, affecting some versions of the WebSocket client: 4. Sensitive Information Disclosure This occurs when WebSocket fails to protect confidential information adequately and may allow unauthorized access to such information. Passwords, credit card information, private communications, and intellectual property are examples of sensitive data. Additionally, this type of security flaw can be vulnerable to various services and systems, including databases, operating systems, and network devices. 5. Input-Validation Vulnerabilities If an attacker has access to WebSocket communications and the server does not properly validate or sanitize the input, an injection attack may occur. An attacker, for example,...

View More

Article

UNDERSTANDING AI RMF 1.0 - The Artificial Intelligence Risk Management Framework

Written by Tathagat Katiyar & Harshitha Chondamma Introduction Artificial Intelligence is undergoing continuous growth and development, with new technologies and applications being developed daily. As AI becomes more prevalent and integrated into various industries, it is critical to ensure that these systems are trustworthy, secure, and transparent. This is where the Artificial Intelligence Risk Management Framework 1.0 (AI RMF 1.0) from the National Institute of Standards and Technology (NIST) comes in. This framework provides organizations with guidelines and best practices to help them confidently develop, deploy, and operate AI systems.In this blog, we will cover NIST AI RMF 1.0 in-depth, including its features, benefits, and how organizations can use it to ensure AI systems meet high security and compliance standards.On January 26, 2023, the National Institute of Standards and Technology (NIST) under the U.S. Department of Commerce) released a Risk Management Framework for Artificial Intelligence (AI RMF). The AI RMF is designed to assist companies in managing risks and promoting responsible development while deploying or using AI systems. Although compliance with the AI RMF is voluntary, it can be helpful for companies seeking to manage their risks, particularly in light of regulators' increased scrutiny of AI.The Artificial Intelligence Risk Management Framework helps organizations to establish a systematic approach for information security and risk management activities focusing explicitly on Artificial Intelligence.  A robust AI risk management framework offers organizations asset protection, reputation management, and optimized data management.  It can also protect against competitive advantage, legal risks, and missed business opportunities. What is NIST AI RMF 1.0? The NIST AI RMF 1.0 is a set of standards and practices for evaluating, maintaining, and improving the trustworthiness of AI systems. AI RMF 1.0 provides an adaptable, structured, and quantifiable process that enables organizations to address AI risks. The aim is to assist organizations in understanding the risks associated with AI, developing strategies to manage those risks, and evaluating the trustworthiness of AI systems prior to deployment.Organizations may voluntarily determine compliance with AI RMF 1.0. The framework is designed for organizations that operate, develop, or deploy AI systems. It also applies to government agencies, non-profit organizations, and private companies. Additionally, it can serve as a reference guide for meeting regulatory and compliance requirements and enhancing their AI systems' performance, transparency, and trustworthiness. Salient Features of NIST AI RMF The AI RMF consists of two main components: Section 1The first section outlines how organizations can frame AI risks and the features of trustworthy AI systems. Section 2This forms the framework's core and includes four specific functions to help organizations address risks associated with AI systems. These include: 1. Govern: Guides organizations on how to develop governance structures and processes for AI risk management.2. Map: Advises organizations on identifying, assessing, and prioritizing AI risks.3. Measure: Helps organizations evaluate and monitor AI systems to ensure they perform as intended and per the organization's risk management objectives.4. Manage: Assists organizations in implementing risk mitigation strategies and managing AI risks over time. Objectives of NIST AI RMF The framework is designed to be voluntary, preserve rights, be non-sector specific, and be agnostic to use cases. This gives organizations of all sizes, sectors, and industries the flexibility to implement the ideas in the framework. The core objectives are to: • Provide a resource to companies creating, developing, deploying, or utilizing AI systems.• Assist organizations in managing various risks associated with AI.• Promote the development and usage of AI systems that are trustworthy and responsible. Bias in AI extends beyond ensuring demographic balance and representative data. In other words, an AI system may still pose problems even if it distributes predictions...

View More

Article

ACCORIAN is now CREST Accredited

We super are thrilled to announce that ACCORIAN is now CREST Accredited. CREST is a not-for-profit accreditation and certification body representing the technical information security industry. The CREST Codes of Conduct contain the basic principles that underpin good business practice and ethics, which are all-pervasive. They describe the standards of practice expected of Member Companies and their Consultants and must be observed in parallel with the Code of Ethics. “Accreditation of Accorian is a strong endorsement of its penetration testing team and commitment to robust business processes, data security, and testing methodologies,” said Rowland Johnson, President of CREST. “It also reflects the growing influence of CREST across the Americas and the growing demand for highly-skilled penetration testing services from trusted providers that can demonstrate internationally-recognized, independent validation.” Said Rowland Johnson, President CREST. This accreditation is outcome-focused and concentrates on providing positive outcomes that will benefit and protect clients when achieved. It demonstrates our ability to deliver comprehensive and effective security testing services that meet the most stringent industry standards. Our penetration testers at Accorian are certified and experienced in conducting penetration tests across a client’s entire tech stack, including on-prem & cloud environments. Additionally, they are skilled at conducting adversary simulation tests in the form of red team assessments. The team has a combined experience of working with 500+ clients on 1200+ penetration tests and detection of 25000+ vulnerabilities. Our time-tested and proven penetration testing methodology is built using OSSTMM, OWASP, NIST, and PTES standards. Accorian is an established cybersecurity advisory firm with a global clientele that assists businesses of all sizes in improving their cybersecurity posture through their compliance readiness, audit & penetration testing services, along with meeting long & short-term staffing needs. Our team comprises cybersecurity and IT industry veterans who have held leadership and CXO roles at large global enterprises. Based in New Jersey with regional offices in India, UAE, and Canada, we bring our extensive & diverse experience to our clients. We average over ten years of combined experience in information security & technology as auditors, implementers & testers. Besides penetration testing services, we offer compliance services (readiness and assessment/audit) that include HITRUST, SOC 2, ISO 27001, NIST CSF, PCI DSS, HIPAA, GDPR, etc.

View More

Article

ACCORIAN Joins Civitas Networks for Health

East Brunswick, NJ, May 12, 2022 - Accorian, today announced it has joined Civitas Networks for Health, the largest national network of its kind. Civitas is comprised of member organizations working to use health information exchange, health data, and multi-stakeholder, cross-sector approaches to improve health. Accorian is a leader in providing cybersecurity and compliance services, with a special focus on the healthcare and health technology industry. We work with our clients reduce their security risks and assist companies of all sizes achieve their necessary cybersecurity compliance(s). As an external HITRUST assessor firm, we have helped companies achieve HITRUST certification along with SOC 2 and ISO certifications. “With Accorian’s focus on heath, becoming a member of Civitas allows us to further that focus with the health collaboratives. We hope to continue working with HIEs to strengthen their security and compliance posture,” said Accorian CEO Premal Parikh. “Civitas Networks for Health is excited to have Accorian join our national network,” said Civitas CEO Lisa Bari. “We are raising the voices of local health collaboratives and those providing critical services to support health transformation. From the secure exchange of life-saving data to the accountability of multi-stakeholder initiatives, our member organizations have built the most trusted, connected, and inventive programs to serve their communities.” About Accorian Accorian is full-service cybersecurity and compliance firm that helps its clients with both security AND compliance. Accorian’s clients range from start-ups to fortune 100 firms. Founded in 2019, Accorian is an external HITRUST assessor and a PCI ASV. To learn more about Accorian please visit www.accorian.com About Civitas Networks for Health Civitas Networks for Health is a mission- and member-driven organization dedicated to using health information exchange, health data and multi-stakeholder, cross-sector approaches to improve health. It was formed in October 2021 with the affiliation of the Strategic Health Information Exchange Collaborative (SHIEC) and the Network for Regional Healthcare Improvement (NRHI). Civitas Networks for Health counts more than one hundred regional and statewide health information exchanges (HIEs), regional health improvement collaboratives (RHICs), quality improvement organizations (QIOs) and all-payer claims databases (APCDs) as well as more than 50 affiliated organizations as members and reaches approximately 95 percent of the United States population. To learn more, please visit www.civitasforhealth.org

View More

Article

We are proud of our client, Novus Health Systems, for achieving HITRUST r2 certification. Congratulations.

“We are proud of our client, Novus Health Systems, for achieving HITRUST r2 certification. Congratulations.” In today’s ever-changing threat landscape, HITRUST is continually innovating to find new and creative approaches to address challenges, said Jeremy Huval, Chief Innovation Officer, HITRUST. This achievement places Novus in an elite group of organizations worldwide that have earned this certification. Read More

View More

Article

KPI Ninja Earns HITRUST r2 Certification for Information Security

Congratulations to our client KPI Ninja by Health Catalyst on their HITRUST certification! The certification ensures KPI Ninja meets the key compliance requirements included across a wide rang of industry standards and frameworks, and federal and state regulations. Read More

View More

Article

Kiran Murthy, VP and Head of Enterprise Accounts at Accorian, becomes the Newest Panel Member of ISO 27001 and Privacy Protection at the Standard Council of Canada

Accorian is proud to announce the appointment of Kiran Murthy to the Standard Council of Canada (SCC). The Standard Council of Canada is a governing council that oversees the organization that reports to the parliament through the Minister of Innovation, Science, and Economic Development. Its responsibilities include Accreditation of standards development and conformity assessment organizations Approval of standards submitted as National Standards of Canada (NSCs) Adoption of relevant policies to support SCC programs and services Kiran joined Accorian in 2020, and given his expertise in cybersecurity consulting, the department has witnessed exponential growth under his leadership. He has worked with clients to deliver and embed Cybersecurity and Governance across a range of sectors, including Health, Media, Financials, Insurance, and Hospitals. We are proud to have him as an integral part of the Accorian team and wish him all the success in his future endeavours. As Accorian, we are a full-service cybersecurity, compliance, and consulting firm helping companies improve the way they approach and manage risks. We are certified assessors OF HITRUST AND HELP IMPLEMENT FRAMEWORKS SUCH AS NIST, SOC2, ISO 27001, ETC.  Our goal is to facilitate a smooth certification process for our clients while also make sure they look at security first.  If you would like to evaluate and strengthen your cybersecurity posture, please email us at info@accorian.com or call us at +1-732-443-3468.

View More

What Our
customers are
saying about us

Read Testimonials

The Accorian Advantage

Accorian’s cybersecurity and compliance teams bring a wealth of experience to help navigate organizations through their information security journey. Our hands-on, white-glove approach combined with a goal-oriented, proven methodology brings both fiscal value and expertise to each of our clients. The facts speak for themselves.

    Ready to Start?

    We are Qualified

    we are qualified
    we are qualified
    we are qualified

      Ready to Start?

      Download Case study

      Download SOC2 Guide

      Human Resources Director

      Posted On: 09 May, 2022

      Drop your CVs to joinourteam@accorian.com

        Interested Position
        First Name
        Last Name
        Email
        Total Experience
        Mobile Number
        Upload Resume
        Cancel