Detailed assessment of current infrastructure including all IT-assets as well as operational processes in place. Resulting deliverable provides narrative content on where you are today, identification of risks and vulnerabilities along with trends and technologies to consider for modernization. Cost/benefit analysis is profiled addressing premise-based upgrades vs. Cloud-based solutions… a clear, concise comparison shows what’s relevant and applicable to your unique business requirements.
HIPAA enforcement is the responsibility of the OCR (Office of Civil Rights) within the HHS (Health & Human Services). The Health Information Technology for Economic and Clinical Health (“HITECH”) Act, implemented in 2009, significantly increased the penalties associated with HIPAA breaches. HITECH also requires HHS to conduct periodic audits to ensure compliance with the HIPAA privacy standards. Since 2014, there were a total of 1,170 breaches of PHI (from 2009 forward), with 40.8 million patient health records affected. The best defense against a HIPAA breach is a strong compliance program. Mercadien’s review & subsequent report-deliverable can quickly identify required areas of change/improvement and provide a clear plan-of-action; all HIPAA Rules are examined and uniquely applied to your organizational requirements.
Penetration & Vulnerability testing is performed to assess the effectiveness of current security control measures within a client’s environment. Data is used as evidence to support findings and recommendations. The purpose is not to determine all vulnerabilities bur rather to see the security posture through the eyes of a hacker if he/she were trying to probe your network. The testing has 4 phases: reconnaissance, network discovery, vulnerability assessment, and manual checks. The first phase is to search publicly available resources for information that would assist in the review. The second and third phases require the use of advanced scanning tools. The fourth phase is to test the possibility of a brute force attack on exposed systems. It is imperative that security testing be performed for virtually every industry and vertical-space; funding, grants, compliance and overall continuance of operations depend on successfully completing Security-Testing.
This engagement/project involves a detailed review of an organization’s overall operational footprint. An initial kick-off meeting addresses the optimal methods of communication with the client as well as personnel involved in the interviewing process. We review the data requirements and work, identifying critical issues to meet your goals. The process is executed across the following phases:
A comprehensive interview and information gathering process to assess current assets, procedures and policies. All key stakeholders are given the opportunity to present their role / daily functions and discuss the limitations of the current systems (procedural and technical).
Vendors and/or all available (relevant) solutions are researched and identified to meet the needs of the client; limitations and best practices are evaluated to determine the most appropriate resolution-path. A presentation of preliminary findings and prospective solutions are made to the client.
Formal presentations by finalist solution-providers (relevant to each respective area) are made; a program/platform is chosen. Mercadien focuses on developing policies, procedures and manuals addressing the work-flow associated with the new operational protocol (these deliverables are submitted during the training phase). Functional improvements to overall protocol (for the areas reviewed & remediate) are measured and consolidated into a Management-Manual.
Staff training & orientation for new platform takes place. Submission of new policies, procedures and manuals are provided.
Mercadien Technologies has become the Mid-Atlantic leader in Forensic Data Consulting. The Mercadien Group’s expert reputation in Forensic Accounting provided the perfect backdrop for their technology division to assemble a team of experts offering advanced investigative services in the evidence collection process. Our team is versed in both civil and criminal cases with expertise in Electronic Discovery, Computer Forensics, Data Recovery, Court Testimony, Corporate Internal Investigations and Preventative Services. These services are vital to any individual, company, or law practice with cases that deal with sensitive information stored on digital media, including hard drives, cell phones, digital cameras, pda’s, cd’s, dvd’s, flash cards, or tapes. Mercadien's Forensic Data practice utilizes experts skilled in ensuring that all digital data has been handled within the legal principles of security, continuity and accountability. The integrity of Mercadien's processes and procedures will withstand the challenges presented in a court of law. Mercadien is able to provide our forensic clients with the following results, which may be required in a court of law:
- Exhibiting evidence specifying the facts that will support a conclusion or judgment
- A Mercadien employee who acts as an expert witness to give a first-hand account of the processes and tools involved in the forensic procedure
- A forensic report stating how the media was treated and how the forensic testing was performed
- A report log providing a detailed chain of custody for the media.