Compliance Assist Partner Program (CAPP)


Our Compliance Assist Partner Program (CAPP) service builds on an annual risk assessment and is designed to provide a trusted healthcare privacy, security, and compliance partner that helps organizations achieve business goals. A CAPP engagement includes consulting services to assist in maintaining a proactive risk management program by performing standards-based periodic assessments, setting and achieving compliance goals, conducting periodic audits of key controls, and providing ongoing privacy and security advisory support. 


CAPP Program Elements

The CAPP program includes the following elements:

  • Assess

    CynergisTek will conduct a baseline security assessment of the organization, focusing on all of the administrative, physical, and technical safeguards required by HIPAA. These reports will serve as the foundation for the ongoing management and maturity of the security program. CynergisTek will create prioritized remediation plans that address the short-term critical vulnerabilities, including technical and programmatic/policy-related findings, and a transition plan for medium- and long-term objectives and maintenance.

  • Advise

    CynergisTek consultants are industry veterans who provide the resources and experience that enable our clients to accelerate the implementation of their security programs. Throughout the process, CynergisTek will advise on the development and remediation of the programs by utilizing our extensive privacy and security expertise. The client has access to the entire CynergisTek staff, whether the request is deeply technical in nature or a higher-level program management discussion.

    Advisory support is provided at all levels: executive, programmatic, and through direct peer-to-peer interaction between staff. This enables CynergisTek to augment the capabilities of the client organization and respond to whatever privacy or security matter may arise. Daily programmatic management is accomplished through a combination of communication channels — telephonic, interactive web portal, and email — making it possible for CynergisTek to respond rapidly to client requests for information or support.

  • Develop

    CynergisTek will be involved in the ongoing remediation and maturation of the security program and will supervise any transition to appropriate staff within the organization.

    Ongoing executive direction is provided through periodic executive reviews designed to ensure remediation and program building efforts remain on track. The appointed monitor within the client’s organization will also be included in these communications and have access to the portal for real-time updates on the progress of remediation and the program.

    CynergisTek will also provide strategic planning support and assist clients in keeping current with emerging industry threat and regulatory trends. In addition to the standard elements of the CAPP, which include regular assessment, testing of technical controls and ongoing advisory support, the CAPP also provides a ready vehicle for on-call consulting, staffing, and engineering support.

  • Regulatory Expertise

    CynergisTek’s employees have experience in working in and developing regulatory programs in both government and private sector positions. Each member of the CynergisTek staff holds relevant certifications in their area of focus, and with our unique relationship with OCR, we understand healthcare’s regulatory environment and will advise on appropriate measures to ensure compliance.

  • Ongoing Technical Testing

    CynergisTek will monitor the technical controls and vulnerability management of the organization through quarterly technical testing. This consistent monitoring will allow us to effectively remediate any critical vulnerabilities and work with the client’s IT staff on proper patching and vulnerability management. Trending data will be provided, and our reports will not only show areas of improvement in the information security program but also highlight progress throughout the term of the engagement.

  • Community

    Today there are nearly a hundred healthcare entities actively engaged in the CAPP program. Each CAPP client has direct access to CynergisTek’s knowledge base and also to its peers. One of the biggest strengths of this program is the interaction, assistance, and information sharing fostered by CynergisTek among and between the CAPP membership. When someone has a question, we not only share our knowledge but also pull from our CAPP clients’ experiences and others. CISOs from one CAPP member often act as mentors and sounding boards for other CISOs in the program. The CAPP is not a one-plus-one, but a one-plus-many relationship.

Standard CAPP Engagement Components

The standard CAPP engagement includes the following components:

Optional Add-On Services

CynergisTek also offers optional services that can be customized to meet your compliance program’s unique needs. Popular add-ons include:

Reports & Deliverables

After data collection, we compile a series of reports that detail findings, observations, recommendations and detailed remediation steps in addition to trending data for our repeat customers to help provide input on overall technical program maturity. These reports include:
