Small and growing healthcare organizations do not always have a fully realized security program, a full-time CISO, or the resources required to develop, implement and manage information security operations. Xpio’s vCISO team augments your staff to develop a compliance and cybersecurity program that aligns your business goals and technical needs with the regulatory requirements of your environment.
Each vCISO engagement is unique, but typically works like this:
Onboarding and scoping
This is where it starts. The Xpio vCISO team works with the organization to gather information, set a risk baseline and determine the scope of services and assessment level.
We prepare for a full risk assessment by reviewing policies and procedures, asset management, access and identification processes, training and other relevant dimensions of security.
Security Risk Assessment
A risk assessment based on NIST 800-171 is conducted to identify administrative, physical and technical risks, producing a Plan of Action for remediating the identified risks.
Road map and remediation
A work plan will be created based on the findings of the risk assessment. The Xpio Health vCISO team will work with the organization over a defined period (variable, but typically 18-24 months) to meet identified needs.