ADHICS Consulting Service

ADHICS GAP Assessment

An assessment is conducted to determine the current state against the ADHICS standard.

Cyber Risk Assessment

Risks to healthcare data security and privacy are assessed using the ADHICS framework.

Risk Management Plan

Risk management plans are developed to remediate the gaps and reduce risks to acceptable levels.

Technology Implementation

Advisory on remediation of technology gaps and implementation of technical controls is given.

Implementation Review

Performance of periodic reviews to assess the compliance levels and remediate any deviations.

Policies & Procedures

Policies and procedures are developed for privacy and security to achieve ADHICS Compliance.

Security Testing

Performance of ongoing security assessments and penetration testing to ensure continuous compliance with ADHICS.

Security Awareness

Providing security awareness training for employees, suppliers and other interested parties.

Internal Audits

Timely identification of deviations and recommendations given for corrective action.

Phase 1: Assessment

The first phase of the ADHICS Compliance service assesses the current state of the client’s system and consists of the steps below.

Information Gathering

  • Project Initiation
  • Information Gathering
    • Context of the organization
    • Identify critical business services
    • Identify information infrastructure

Gap & Risk Assessment

  • Assessment of current state and mapping it to ADHICS Standard
  • Identification of threats and vulnerabilities that exploit the gaps, resulting in risk.

Phase 2: Controls Selection

In the second phase, controls are selected to manage the identified risks. A risk management plan is prepared that sets the objectives for the implementation phase.

ADHICS Controls Identification

  • Identify cyber security controls that can mitigate the risks and thereby result in ADHICS Compliance.

Policies & Procedures

  • Current policies are reviewed, refined or replaced with new ones.
  • New policies are prepared for the organization to be compliant with ADHICS standards.
  • Standard operating procedures are prepared on the basis of the policies.

Phase 3: Implementation

In the third phase, controls are applied as per the risk management plan.

Controls Application

  • Apply cyber security controls that mitigate the risks and thereby result in ADHICS Compliance.
    • Technology Controls
      • Security Architecture
      • Technology gaps
      • Configuration advisor
    • Management Controls
      • Operational controls
      • Physical Security
      • Managerial / Administrative Controls

Phase 4: Review

In the final phase, applied controls are verified and reviewed.

Confirmatory Check

  • Checks are conducted to verify that the cyber security controls mitigate the risks and comply with the ADHICS Standard.

Audits

  • Post-implementation audits to assess the compliance status.

Periodic Security Testing

This includes conducting testing activities at pre-approved time intervals. The activities include:

  • Vulnerability Assessments
  • Penetration Testing
  • Security configuration reviews

Incident Response Assessment

Assisting customers in assessing their incident response readiness and threat monitoring:

  • Red-Team activities
  • Blue-Team activities
  • Purple-Team activities

Internal Audit

Performance of periodic IS audits to assess levels of compliance with the defined policies and procedures. This may include:

  • Mock ADHICS audit
  • Regular IS audit

Book Now!! A Free Session with our experienced consultants on ADHICS Compliance!!

Contact us for the free session