Compliance Assist Partner Program (CAPP)


Our Compliance Assist Partner Program (CAPP) service builds on an annual risk assessment and is designed to provide a trusted healthcare privacy, security, and compliance partner that helps organizations achieve business goals. A CAPP engagement includes consulting services to assist in maintaining a proactive risk management program by performing standards-based periodic assessments, setting and achieving compliance goals, conducting periodic audits of key controls, and providing ongoing privacy and security advisory support.

  • Annual Assessment
  • Internal & External Testing
  • Advisory Services
  • Periodic Executive Reviews
  • Optional Services


CAPP Program Elements

The CAPP program includes the following elements:

CynergisTek will conduct a baseline security assessment on the organization focusing on all of the administrative, physical, and technical safeguards required by HIPAA. These reports will serve as the foundation for the ongoing management and maturity of the security program. CynergisTek will create prioritized remediation plans that will address the short-term critical vulnerabilities, including technical and programmatic/policy-related findings, and a transition plan for medium and long-term objectives and maintenance.

CynergisTek consultants are industry veterans that will provide the needed resources and experience that enables our clients to accelerate the implementation of their security programs. Throughout the process, CynergisTek will advise on the development and remediation of the programs by utilizing our extensive privacy and security expertise. The client has access to the entire CynergisTek staff, whether the request is deeply technical in nature, or a higher level program management discussion.

Advisory support is provided at all levels: executive, programmatic, and through direct peer-to-peer interaction between staff. This enables CynergisTek to augment the capabilities of the client organization and respond to whatever privacy or security matter may arise. Daily programmatic management is accomplished through a combination of communication channels — telephonic, interactive web portal, and email — making it possible for CynergisTek to respond rapidly to client requests for information or support.

CynergisTek will be involved in the ongoing remediation and maturation of the security program and will supervise any transition to appropriate staff within the organization.

Ongoing executive direction is provided through periodic executive reviews designed to ensure remediation and program building efforts remain on track. The appointed monitor within the client’s organization will also be included in these communications and have access to the portal for real-time updates on the progress of remediation and the program.

CynergisTek will also provide strategic planning support and assist clients in keeping current with emerging industry threat and regulatory trends. In addition to the standard elements of the CAPP, which include regular assessment, testing of technical controls and ongoing advisory support, the CAPP also provides a ready vehicle for on-call consulting, staffing, and engineering support.

CynergisTek’s employees have experience in working in and developing regulatory programs in both government and private sector positions. Each member of the CynergisTek staff holds relevant certifications in their area of focus, and with our unique relationship with OCR, we understand healthcare’s regulatory environment and will advise on appropriate measures to ensure compliance.

CynergisTek will monitor the technical controls and vulnerability management of the organization through quarterly technical testing. This consistent monitoring will allow us to effectively remediate any critical vulnerabilities and work with the client’s IT staff on proper patching and vulnerability management. Trending data will be provided, and our reports will not only show areas for improvement in the information security program but also highlight progress throughout the term of the engagement.

Today there are nearly a hundred healthcare entities actively engaged in the CAPP program. Each CAPP client has direct access to CynergisTek’s knowledge base and also to its peers. One of the biggest strengths of this program is the interaction, assistance, and information sharing fostered by CynergisTek among and between the CAPP membership. When someone has a question, we not only share our knowledge but also draw on the experiences of our CAPP clients and others. CISOs from one CAPP member often act as mentors and sounding boards for other CISOs in the program. The CAPP is not a one-plus-one, but a one-plus-many relationship.

Standard CAPP Engagement Components

Our CAPP offering includes an annual assessment of your cyber security program against your various compliance requirements, your overall maturity, and best practices. This is not a gap analysis; it is conducted by certified experts who are always full-time employees (FTEs) of CynergisTek. We have decades of experience in assessing and maturing security programs across the healthcare space. Our assessment puts everything into a business context and includes onsite interviews and physical walk-throughs. It is a comprehensive assessment that will give you a true baseline and a peer comparison to help with any budgets, projects, or executive presentations that you need to make.


CynergisTek will monitor the effectiveness of your organization’s technical controls and current vulnerability management program through quarterly and semi-annual technical testing, allowing us to effectively identify your critical vulnerabilities. As part of the CAPP, we will provide trending data along with reports that show your areas for improvement and your progress throughout the term of the engagement. This will help hold your IT folks accountable, but also show continued improvement towards a better security environment.


Included as part of the CAPP is an annual HIPAA Risk Assessment that will serve as the foundational piece to help inform your organization of your current compliance status, maturity against your peers, and where you should be focusing your resources in terms of best practices and what we see other healthcare clients focusing on.


The Enterprise Architecture Assessment is included in the compliance assistance program and technically evaluates the maturity of the components that make up an organization’s cyber security program.


The Wireless Security Assessment included with the CAPP looks for and enumerates the access points across an organization.


CynergisTek consultants and executives are industry veterans that are dedicated to providing the necessary resources and experience to your organization, which enables you to accelerate the implementation of your security, privacy and compliance programs. CynergisTek will advise on the development and remediation of your programs by utilizing our extensive privacy and security expertise. You will have access to the entire CynergisTek staff, whether the request is a complex technical question or a higher-level program management discussion.

CynergisTek’s senior leadership is made up of industry executives who hold many credentials and are recognized across the industry as subject matter experts. We will not only provide executive-level remediation progress and updates on relevant regulatory changes and security threats, but will also promote knowledge transfer to empower your organization.

Optional Add-On Services

CynergisTek also offers optional services that can be customized to meet your compliance program’s unique needs. Popular add-ons include:

  • Privacy Program Development
    Protect your patients’ right to privacy. Verify and improve your privacy program with an assessment that measures your program against the policies and procedures necessary under the HIPAA Privacy, Security and Breach Notification Rules.
  • OCR Audit Assistance
    The number one reason for non-compliance during the Office for Civil Rights’ (OCR) pilot audit program was “unaware of the requirement.” Help your staff prepare by experiencing the audit process with our OCR Mock Audit. CynergisTek will hold your staff to OCR standards while assessing your organization’s ability to demonstrate HIPAA compliance, and will help you identify your organization’s readiness and ability to respond. The OCR Mock Audit addresses the HIPAA Privacy, Security and Breach Notification Rules.
  • Social Engineering Service
    CynergisTek can perform constructed social engineering and phishing attempts to test the effectiveness of security training and help you create an enterprise-wide awareness program to decrease the “insider” threat.
  • Virtual CISO (vCISO) Service
    CynergisTek will develop and manage an effective information security program by integrating our experienced security professionals into your existing information security and risk management program, or help build your program from the ground up.

Reports & Deliverables

After data collection, we compile a series of reports that detail findings, observations, recommendations, and detailed remediation steps, along with trending data for our repeat customers to help provide input on overall technical program maturity. These reports include:

  • Raw Vulnerability Testing Reports and Executive Summary
    Serving as a guide to remediation of individual vulnerabilities, reports are provided quarterly for external testing and twice annually for internal testing.
  • Technical Security Assessment Report of Findings
    This report includes findings of external security, architecture, internal security, and wireless LAN security assessments. Includes recommendations of best practices.
  • Information Security Program Assessment Report of Findings
    This report classifies various program elements for compliance, and your organization’s maturity is rated using the COBIT maturity model for each element.
  • Risk Analysis Workbook and Risk Profile Plan
    This report includes a risk analysis workbook and a risk profile.

What Our Clients Say

Having a partner that is actively monitoring our systems, trends, local and global threats not only saves the Virtua IT Security team time, but provides us with the ability to proactively look at potential threats to plan accordingly. The partnership with CynergisTek has allowed us to focus on compliance, developing risk programs, policy and procedures leading to a culture focused on making us more secure.

Tom Gordon, CIO, Virtua

CynergisTek’s in-depth industry expertise and proven track record of providing thorough and actionable assessments made it the clear choice to partner with on our privacy and security initiatives. With its unmatched knowledge of the current threat and regulatory landscape, we look to CynergisTek to provide the unique capability that will help us identify and address any potential vulnerabilities quickly and effectively, which is critical in today’s environment.

Patricia Tooley, Vice President, Privacy and Security, Memorial Hermann
