Security & Data Privacy Architecture for Healthcare
An international company providing e-health services through a cloud-based platform wanted to make sure that its platform architecture was compliant with, and met the requirements of, the major data privacy regulations applicable in a highly regulated sector.
REGULATIONS INCLUDED IN THIS ASSESSMENT:
EU ePrivacy Directive, Hong Kong Personal Data (Privacy) Ordinance, Singapore Personal Data Protection Act 2012, Monetary Authority of Singapore Technology Risk Management Guidelines, Australian Government Information Security Manual, and the well-known security standards Center for Internet Security Critical Security Controls (CIS CSC) v7 and OWASP Top 10.
RECOMMENDED INITIATIVES ROADMAP & DEPENDENCIES
We used the A4BEE Security Framework to summarize, categorize and interpret findings in the cybersecurity and data protection domains across architecture, engineering, data ownership, data processing, data transformation, and privacy. We applied methods such as cybersecurity risk, maturity and coverage analysis, as well as impact assessment based on cybersecurity frameworks and standards.
The main areas covered by the project were the standards, procedures, mechanisms and tools that address the software development lifecycle, engineering practices, management of technology-related threats, third-party management, security architecture, data management, data access, data privacy, and compliance.
The Customer was able to address all identified gaps and become compliant with the key privacy-related regulations, ensuring that the company's platform, processes and procedures met those standards.
The improvement recommendations were a key tool for the Customer as it developed stronger data security measures. The company was able to address the identified vulnerabilities to keep data secure and achieve a higher level of security maturity for its platform architecture.