Security and Compliance Newsletter

Issue 1 - December 2010
eGestalt
Anupam Sahai
President, eGestalt Technologies Inc
Welcome to the first issue of our newsletter, Security and Compliance Newsletter. Every month, we will strive to bring the latest news and updates on various IT Security and Compliance management related developments through this newsletter.

We know that the word “compliance” conjures up immediate concern whenever people hear it. They immediately think about the work that will have to be done to achieve compliance, the money that will have to be spent on high-priced consultants and the anxiety of periodic audits.

The team at eGestalt takes a whole different approach to regulatory compliance that we trust will eventually put an end to these frustrated, anxiety-riddled reactions and replace them with calm and confidence.

We call it Continuous Compliance, a condition in which all of the procedures and processes required for full regulatory compliance are constantly being inventoried and proven effective. All information technology and related security systems are constantly monitored and tested to demonstrate they are working as required. You welcome audits because you know at any moment in time that your company is in full regulatory compliance and will pass every audit with flying colors.

Best of all you’re not paying expensive consultants to come and accomplish this for you. You’re accomplishing it yourself with the support of SecureGRC Compliance Manager, the first cloud-based compliance solution that provides every tool and system required to achieve full ongoing compliance.

As you read our newsletter you’ll learn about SecureGRC and our newest addition, SecureGRC SB for small to medium professional healthcare organizations. Whether you’re subject to HIPAA, HITECH, PCI, SarBox or others, SecureGRC will deliver the peace of mind that comes from Continuous Compliance.

We would love to hear your feedback and any other topics that you would like to hear about.

Thank you very much for your attention,

Warm regards,
Anupam Sahai
Co-Founder and President, eGestalt Technologies Inc.

Are you worried about Cyber Security Threats and the increasing burden of HIPAA/PCI Compliance Requirements?

Corporations lost $1 trillion worldwide last year as a result of data loss, both malicious and accidental, according to McAfee’s 2009 Unsecured Economies Report. In the United States in 2008 alone, midsize organizations spent a total of $17.2 billion fixing IT security and compliance incidents. Failure to fix this problem will put companies out of business.

eGestalt, a recognized world technology leader for IT Security and Compliance management, offers a breakthrough solution to this growing menace. Protect your company against the dangers of security breaches with SecureGRC, eGestalt’s unified approach to IT Security and Compliance Management.

SecureGRC offers end-to-end integration of security monitoring and IT-GRC (IT-Governance, Risk Management, and Compliance) solutions in one comprehensive cloud-delivered menu-driven system.

Why SecureGRC?

  • Completely Automated and Integrated Solution: Bring process to the madness for faster regulatory compliance
  • Breakthrough Solution at Breakthrough Pricing Dramatically Lowers Total Cost of Ownership
  • Up to 10X cost savings
  • Complete Risk Management through a Unified Dashboard: Ground up support for cyber-security, IT operations, and compliance management
  • Cloud Based “pay-as-you-grow” Delivery Option: Cloud or hybrid solution with lowest mean time to restore services
  • Combat Cyber-security: Proactive assessment, forensics, compliance and security
  • Continuous Compliance means you’re ready for regulatory compliance audit at any given moment in time.

Stop paying expensive consulting fees for “experts” to do what you can do better yourself with SecureGRC. Call eGestalt today at +1-408-689-2586 or send us an email. Our experts will provide you with a complete tour of this unique and valuable solution.

SecureGRC by eGestalt
(408) 689-2586
http://www.egestalt.com

GRC Defined

In the information technology field, many people have become accustomed to, maybe even numb to three-letter acronyms, to the point where they seldom question what they mean.

The three letters at the end of eGestalt’s premier product’s name, GRC, are very important to the Managed Compliance Providers who align themselves with SecureGRC’s automated approach to continuous compliance, because they comprise the three major elements we focus upon to achieve and maintain Compliance365: Governance, Risk, and Compliance.

Governance

The dictionary definition of “governance” describes it as a method or system of government or management.

For Managed Compliance Providers, governance is at the beginning of, and the foundation of, all efforts to achieve and maintain continuous compliance. It consists of a large set of documented policies, procedures, and processes put in place by an organization that will govern or manage the proper use and conduct of all transactions involving valuable information assets. Once composed and agreed upon, these rules become the metric by which the company’s achievement of compliance is measured.

Before they can possibly achieve Compliance365, companies must have their rules of governance and their methodologies for monitoring and managing the effective enforcement of them in place.

Risk

In the context of regulatory compliance, “risk” refers to the hazard or chance of loss of control over pertinent high-value information assets, the nature of the potential loss, and the degree of probability of such loss. Government regulations typically seek to minimize and mitigate the risk that high-value data such as personal health information, corporate fiscal information, or governmental security information might be accessed, corrupted and/or stolen by unauthorized individuals.

Compliance

Compliance refers to conformity, accordance, cooperation and obedience in respect to rules established by a recognized authoritative entity. While regulatory compliance usually refers to rules established by governmental bodies, corporations, professional associations, accrediting bodies and others may also establish and enforce regulations which must be complied with in order to retain license or other accreditation to perform key functions.

SecureGRC

SecureGRC provides both the automated scanning and monitoring tools as well as the automated survey and questionnaire systems required to collect all the information required, from people and from computers, to demonstrate compliance with a wide variety of government-enforced regulatory requirements. It helps companies establish governance, assess risk, and assure that the governance is enforced to maintain the compliance required to fully mitigate any risks.

Continuous Compliance: The Comfort of Knowing

“We have an audit…” can be four of the most fearsome words a manager ever hears, but they don’t have to be.

The problem is in the way most of us look at compliance, as something we have to do. Better to look at it as something we need to be, compliant at all times. The only way to achieve that is to put automated monitors and systems in place to assure continuous compliance.

Achieving Compliance

Most regulatory compliance is achieved through the implementation of a combination of written policies and electronic systems to protect data.

To become compliant with most regulatory requirements, policies must be written and voted into activation that carefully define the ways in which information and processes surrounding information will be performed. Then the company must demonstrate that these policies are being adhered to strictly. Similarly the company must prove that the security systems that have been put into place to safeguard sensitive data are working properly and have been tested regularly for continued effectiveness.

SecureGRC Compliance Manager

To remain continuously compliant requires the implementation of routine recording and reporting procedures, both manual and automatic, which can confirm at any time that all of the processes, procedures, and security measures put in place continue to function properly and effectively.

Until the introduction of automated compliance management in SecureGRC Compliance Manager, companies typically employed expensive consultants to come in and develop the necessary policies and systems initially. They would then have the same or another consultant visit periodically to perform “pre-audits” which were meant to assure that the company would pass a “real” audit were one to be performed.

Continuous Compliance

SecureGRC Compliance Manager eliminated the need to engage consultants at high fees to assure continuous compliance. Following eGestalt’s policy of Continuous Compliance, clients running SecureGRC have all the tools in place to carefully document adherence to all required policies and best practices. In addition, SecureGRC manages the various probes and scanners that confirm the effectiveness of the company’s security measures. Combined into one dashboard, corporate managers can see where they are in relation to all compliance metrics and can make adjustments as needed.

To achieve and maintain Continuous Compliance, talk to a Managed Compliance Provider about SecureGRC and the Continuous Compliance approach.

Awards for eGestalt and SecureGRC

While SecureGRC is carving new ground by automating the process of becoming and maintaining continuous compliance with all relevant regulatory requirements, several organizations are recognizing these achievements.

eGestalt SecureGRC Voted Runner Up at XChange Tech Innovators Event

eGestalt Technologies Inc. today announced its SecureGRC application was voted as a runner-up in the Managed Services Category at the XChange Tech Innovators November 10-12 event in Las Vegas.

Everything Channel’s exclusive 8th annual Tech Innovator listing celebrates technology vendors that have introduced new solutions to drive advances throughout the technology channel.

“We’re proud to announce this as our third recognition in four months,” said Anupam Sahai, president, eGestalt. “Clearly there is great pent up demand in the channel for a Cloud computing and SaaS-based IT-GRC solution that services the largely underserved SMB market. Already nearly 50 channel partners have signed up since June to join our Managed Compliance Provider program, offering this compelling IT security and GRC unified solution to their customers.”

SiliconIndia

SiliconIndia, a professional networking portal with over 2 million active members, recently released its list of the top 100 technology companies founded and managed by Indians in the US. eGestalt was included in the “Top 10 Security Companies to Watch” in recognition of SecureGRC, eGestalt’s cloud-based automated compliance solution.

Companies are selected by a distinguished panel of successful Indian CEOs and CIOs of public companies, venture capitalists and venture-funded companies.

“I am very excited to accept this recognition by the large SiliconIndia community of industry leaders,” said Anupam Sahai, co-founder and president. “This honor validates that we are making great progress and now the peers and the industry thought leaders are recognizing the hard work done by our team. SecureGRC provides what our customers have been asking for, an integrated solution for dealing with information security and compliance management using a disruptive and compelling business model.”

eGestalt Voted Breakthrough Technology Vendor Finalist at XChange 2010 Event

Everything Channel, premier provider of IT channel-focused events, media, research, consulting, and sales and marketing services, named eGestalt Technologies Inc. (www.eGestalt.com), a world leading provider of information security and IT-GRC (governance, risk management and compliance) solutions for all enterprises, as a finalist in the Breakthrough Technology Vendor category at the prestigious XChange XCellence award ceremony at Everything Channel's XChange Americas event recently held in Dallas, Texas.

XChange Americas is the largest IT channel event of the year, attracting over 1,000 attendees. This 3.5 day event brings together over 250 solution providers and leading industry vendors in diverse technology areas to build business relationships.

Having recently announced its Managed Compliance Provider channel strategy and program for the IT-GRC industry, eGestalt’s SecureGRC solution met the following five eligibility requirements to capture a large number of votes on the Breakthrough Technology Vendor ballot.

  • New or enhanced product introduced to the channel in the past six months.
  • Product creates new revenue streams and business opportunities.
  • Product is a solution that channel partners would want to represent.
  • Product contributes to solving real business technology needs; and lastly:
  • Strong market opportunity for this product.

“To win recognition by the largest gathering of IT channel partners in the industry is a vote of confidence in our innovative IT-GRC cloud solution along with our unique channel based Go-to-Market strategy,” said Anupam Sahai, President, eGestalt Technologies Inc. “To meet any compliance requirement is a complex and expensive proposition especially for SMBs; that the channel recognizes our SaaS-based solution as being ideal for this market shows the pent-up demand for a simple IT-GRC managed compliance service.”

The XChange XCellence Awards winners are selected by top solution providers at each event and honor the vendors with the most exceptional products, programs and technologies.

Sponsored by Everything Channel Events, the XChange XCellence Awards measure business and technology integrator perceptions of vendor products, services, and programs during an XChange event. XChange attendees evaluate and score each vendor's presentation, message and presence throughout the event, and awards are presented during the XChange XCellence Awards luncheon.

SecureGRC SB™ Simplified HIPAA/HITECH Compliance for the Private Medical Practice

You ARE Affected

Doctors, Dentists, Chiropractors, Psychologists, Nursing Care or any practice that handles Patient Health Information (PHI), from a sole practitioner to small medical groups, are required to achieve and maintain compliance with the regulations set forth in both the HIPAA and the HITECH Acts.

The HITECH Opportunity

With the introduction of HITECH as part of the American Recovery and Reinvestment Act of 2009, incentives have been made available to promote rapid adoption of Electronic Medical Recordkeeping (EMR).

Other Serious Implications

Along with those incentives come significantly increased criminal penalties for non-compliance. These penalties are not directed only at the healthcare entity, but also at the individual owners, employees and business associates of any covered entity.

Your state’s Attorney General can and will investigate and prosecute. Fines have been increased dramatically and, yes, you can even go to jail.

You MUST

  • Have, update, and prove that you have information handling processes in place and in use
  • Have written agreements and proof of compliance from all business associates and subcontractors who handle PHI
  • Ensure that appropriate controls and safeguards have been implemented to prevent unauthorized access and disclosure of sensitive patient data

Breakthrough Technology at Breakthrough Pricing

SecureGRC is a cloud-based service that eliminates the need for outsourced expertise and most manual processes. SecureGRC’s breakthrough technology delivers increased compliance control at dramatically reduced cost yielding rapid return on investment.

SecureGRC SB

SecureGRC is the first truly integrated cloud-based automated IT compliance and security management solution delivered solely as a service. The front dashboard shows you the status of your progress toward compliance at that moment, keeping you fully informed as to what tasks still need to be performed with immediate access to the tools you’ll need to perform them. HIPAA & HITECH support is built-in, easily extended, and automatically kept up to date.

Dramatically reduces Total Cost of Ownership (TCO)

Employing end-to-end automation eliminates costly manual procedures, reducing costs by up to 90%. SecureGRC provides all the outputs required for audit automatically on demand. It also significantly reduces expensive errors often introduced by manual processes.

Dependence upon expensive external “experts” creates an environment of sudden panic every time an audit is scheduled. Thorough, automated control creates a culture of calm, continuous compliance.

Managed Compliance Provider

eGestalt Managed Compliance Providers quickly and professionally implement this automated solution and help you quickly learn to take rapid action to resolve any processes or systems that are out of compliance. SecureGRC Compliance Manager then keeps constant vigil over your systems and personnel to make sure you remain in continuous compliance.

CALL 408.689.2586 or EMAIL
for more information
http://www.egestalt.com
  • Peace of Mind
  • Complete support for HIPAA & HITECH regulations.
  • Simple, menu driven assessment to understand and gain control over your HIPAA/HITECH requirements
  • Easy plug in if you also need PCI-DSS compliance
  • Library of free policies to use and attach as evidence
  • Covers both Privacy and Security rules
  • Tracking and managing of your Business Associates (BA’s)
  • Central repository for all your HIPAA related documentation
  • A finished document that can be used to show compliancy to other organizations and auditors
  • Quarterly reminder assessments to make sure you stay on track
  • Automatic updates on new or revised policies, procedures, or forms which reflect changes in the standards
  • Automatic updates to changes in regulatory requirements