Baseline Security Program and Develop Roadmap


A midsize health insurance company had never conducted a baseline assessment of its information security program. Working from a selected security framework (NIST 800-53) and the company's regulatory driver (HIPAA security and privacy), the security director conducted an initial program assessment using TrustMAPP and surveyed 15 team members with a wide range of security or privacy duties.

The assessment results and TrustMAPP’s reports helped him both to understand where his processes could be improved and to present the findings to the audit committee. Using input from the team members and TrustMAPP’s out-of-the-box data (hours and costs for improvement), he is developing a roadmap to begin making improvements. With TrustMAPP’s workflow and task management capabilities, the security director continues to track updates across team members and runs the regular analytics TrustMAPP provides to measure progress toward program goals. By combining the automated assessment and planning capabilities in TrustMAPP with its workflow and task management, the security director has saved significant time and has communicated, and received support for, additional security program improvements over the next two years.