Datica Blog

Learn what it takes to be compliant on the cloud with our free self assessment

Kris Gösser

Chief Marketing Officer

July 12, 2018   Compliance HITRUST HIPAA Cloud Computing Healthcare Cloud

We are asked questions every day about what it takes to be compliant on the cloud. Sometimes the question is simple, like how long to retain PHI for disaster recovery (answer: it depends, but probably 90 days). Sometimes it is complex, like whether the emerging serverless computing paradigm meets the requirements of global compliance regimes (answer: it depends, but pull up a chair).

Consistently, the biggest barrier to a successful cloud compliance program is simply the complexity of understanding everything. This is really hard! Not because any single control is hard to understand, but because there is a great deal of information to absorb.

To help those assessing their own compliance posture on a public cloud like AWS, Azure, Google Cloud, or IBM, we crafted a lightweight self-assessment. We say lightweight because it is by no means a comprehensive risk assessment tool; for that, you should stick to something like a self-assessment against the HITRUST CSF v9.1. Instead, it is purposefully designed to condense the controls into an easy-to-understand list. Brevity was the focus, but in the Datica style of transparent content and helpful guidance. You can download it free today.

The assessment is pretty straightforward:

  • It is divided into the three broadest layers of cloud technology on which we can advise: the physical layer, the operating system layer, and the administrative layer. Consider these the main layers to think about when using abstracted cloud services.
  • Within each layer, we itemized general considerations, like network encryption or access control lists. The items sit somewhere between the granularity of an official risk management framework and an understated bulleted list: broad enough that the legalese will not make your eyes bleed, but specific enough to accurately describe the consideration.
  • Alongside each item we offer a quick binary assessment. A simple Yes or No answer tells you whether you have more research to do.

Those who are not experts, and who are trying to wrap their heads around what it takes to be compliant on the cloud, will find the tool useful. Let us know what you think!

Get the HIPAA & HITRUST Compliance Self-Assessment Worksheet here.
