Is it time to perform your annual risk assessment program? There are two types of risk assessments: regulated and supply chain. Regulated industries include healthcare, insurance, banking, accounting, and any company that processes credit cards. In comparison, your partners or clients may request a supply chain risk assessment if they share sensitive information with you. This article will explain the differences and why they are essential to your business.
Government Risk Assessment Regulatory Frameworks
An vital function of the government is to protect its citizens from harm. Without a doubt, regulations are the way the government accomplishes this goal. Cybersecurity has been a big focus in the 21st century with the explosion of the Internet. Below are links to government regulations that specifically deal with cybersecurity.
- Health Insurance Portability and Accountability Act (HIPAA) – Healthcare entities and healthcare business associates
- Payment Card Industry Data Security Standards (PCI DSS) – These are companies that process credit cards for payment.
- Sarbanes Oxley Act (SOX) – SOX risk assessments are performed for publicly traded US companies, wholly-owned subsidiaries of foreign-owned companies, and foreign companies that raise debt or equity on US public exchanges.
- Gramm Leach Bliley Act (GLBA) – GLBA is for banking and insurance.
- Family Educational Rights and Privacy Act (FERPA) – FERPA is for publically funded schools.
Supply Chain Risk Assessments
There are two types of supply chain risk assessments: those under a regulatory framework and those that a business partner or client requests.
Business Associate or Secure Service Providers
Business Associate and Secure Services Providers comprise any company that stores, transmits, or has access to protected data on behalf of a HIPAA or GLBA client. HIPAA uses the term Business Associates, and GBLA uses the word Secure Service Provider. Both are responsible for carrying out specific regulations.
Business Partner or Client Risk Assessment
On the other hand, more businesses are taking cybersecurity seriously. As a result, they expect their vendors or partners to perform a risk assessment. Otherwise, they will not do business with them. These assessments protect their data while guarding against state breach notification laws. Subsequently, these laws require companies to notify individuals when a breach involves personally identifiable information.
It is important to note that the company sharing the information with the third party is ultimately held accountable by their client. As a result, businesses have realized they must protect themselves as they cannot afford their business partners to breach their sensitive data. Therefore, they require specific controls to ensure data security. (See article: Cyber Security is the Biggest Threat to Your Business Relationship.)
INSIs Assess-IT Program
Do you need a risk assessment performed? As part of INSI’s managed security services, we have partnered with Cybriant, which conducts the risk assessments while INSI addresses the vulnerabilities. It is a complete turnkey risk assessment solution for any type of security framework. Contact INSI to reach the best MSP in Atlanta: 770-387-2424, option 2.
About INSI, The Best IT Support Provider in Atlanta
Innovative Network Systems, Inc. (INSI) is the leading Managed Service Provider (MSP) in Marietta, GA, for small- and medium-sized businesses. INSI’s unique approach integrates IT Support and Cybersecurity into comprehensive packages with onsite preventive maintenance and a single source of accountability. INSI’s services range from gap support for clients with internal IT departments to fully managed services for those who have no IT representation.
About the Author
Deborah Frazier is the author of IT Outsourcing Secrets – A Small Business Guide to Compare IT Support Companies. With nearly 20 years of experience consulting small and medium-sized businesses on their IT support needs, she brings a wealth of knowledge to INSI as Head of Marketing and Sales. If you like this article and would like to get notified when a new article is posted, click here
