Evaluating Cloud Hosting Providers with the FedRAMP

While the FedRAMP (Federal Risk and Authorization Management Program) is intended for government entities and their criteria and processes for assessing and monitoring cloud products/services, it’s still a good security standard model that many organizations could follow to minimize security risks in the cloud.

The most applicable standards used for evaluating cloud hosting providers includes:

Security Assessment

Documenting security controls is the first step that any organization should require of their cloud provider – this includes:

Document the controls implemented in the cloud and the cloud environment.
Policies around user behavior – with details around use and access.
An IT contingency plan – a disaster recovery plan that defines how the organization intends to recover information system services and manage disruptions.
Configuration management plan – a plan describing how changes to the system are managed and tracked.
Incident response plan – similar to breach notification clauses that should be included in any business associate agreement, for healthcare organizations concerned with HIPAA, an incident response plan outlines how incidents are detected, reported, escalated, handled and remediated.
Any authentication that will be used in the cloud, including a required authentication level – two-factor authentication is one method that may be easily employed to create an additional layer of security.
Privacy impact assessment – this should document what kind of personally identifiable information (PII), or protected health information (PHI), is collected and if it’s properly safeguarded.

READ

How Much Does It Cost To Be Gluten Free? Here's What To Know

In addition to documentation, this step includes performing security testing, which requires the cloud provider to contract with an accredited third party auditor to test the security of the cloud provider’s system and environment, produce a report of results, and document a plan of action to remediate or change their system to meet security requirements.

As a cloud provider that needs to balance both security and compliance for our clients, Online Tech has contracted a third party auditor to test its controls against a variety of compliance standards, including HIPAA compliance, PCI DSS Compliance, SOX compliance and more on a continuous basis. Read about what each standard means in our Data Center Standards Cheat Sheet.

Ongoing Assessment and Authorization

This refers to the continuous monitoring of cloud providers to ensure their security controls remain effective over time.

Operational visibility refers to the transparency of security control implementations – annual self-attestation reports can help in this area.
Change control process – establishing a process to track any changes that could impact the ability of a cloud provider to meet security requirements. This also includes changes in a cloud provider’s management.
Incident response – keeping track of any new risks or vulnerabilities that might affect authorized system and response/mitigation activities.

Following a similar plan can help your organization avoid a data breach and stay safe in the cloud.

References:
FedRAMP Processes from the U.S. General Services Administration
FedRAMP Security Assessment
Performing Security Testing
Document Security Controls

The Future Of Healthcare Entrepreneurship

How Do I Become A Clinical Documentation Specialist?

Top 5 Points You Need To Know About Medical Marketing

4 Tips For Home Health Care Agencies To Survive The Worker Shortage

How Do I Become A Clinical Documentation Specialist?

How To Get Capital For New Equipment For Your Healthcare Business

Financial Benefits For People Suffering From Dementia

Cautious Health Care Lending Can Prove Lucrative For The Lenders

4 Tips For Home Health Care Agencies To Survive The Worker Shortage

Top Tips For A More Eco-Friendly Healthcare Facility

Why Mobile Apps Are Indispensable For Telemedicine

Why It’s Key To Take Care Of Medical Debt To Avoid Health Issues Later

7 Beneficial Ways Technology Can Impact Your Fitness

What To Know About How mHealth Apps Benefit Heart Patients

How Appropriate Technology Enhances Physician Answering Services

Patient Engagement Helps Healthcare Systems And Patient Outcomes

7 Reasons You Need Digital Marketing For Your Medical Practice

Why It’s Key To Take Care Of Medical Debt To Avoid Health Issues Later

Tips To Follow To Help Avoid Surprise Medical Bills

The Global Eye Tracking System Market Is Expected To Skyrocket In The US

Patient Engagement Helps Healthcare Systems And Patient Outcomes

The Future Of Real Time Location Systems In Healthcare

The Global Eye Tracking System Market Is Expected To Skyrocket In The US

Why HIPAA Matters To mHealth Apps More Than Ever

Why You Need To Know The Risks Of Self-Diagnosis

Technological Advancements in The Medical Field That You Should Keep An Eye On

mHealth Apps And Digital Doctors: The Future Of The Healthcare Sector?

EHR For Rural Hospitals: Criteria And Access

7 Tips To Make Sure Your Medical Practice Is Found Online

4 Top Reasons Why App Developers Love Apple Health Records API

Should Healthcare Care About Branding?

How can Healthcare Professionals Manage their Reputation Online

Fashion vs Function: 5 Ways Technology Is Revolutionizing Activewear

What To Know About Using Technology To Make Healthcare Easier

The Growing Role Of Tech In Emergency Rooms

Importance Of CRM Software In The Healthcare Industry

5 Healthcare Technologies Transforming Aging In Place

Here’s Why Plastic Surgery Shouldn’t Be Taboo Anymore

How Tech And Medical Equipment Is Changing The Patient Approach

The Value And Criticism Of Robot-Assisted Heart Surgery

7 Beneficial Ways Technology Can Impact Your Fitness

Is Virtual Reality the Next Big Thing for Mental Health?

Patient Engagement Helps Healthcare Systems And Patient Outcomes

Here’s Why Plastic Surgery Shouldn’t Be Taboo Anymore

How to Get Started with Volunteering to Take Care of Animals Abroad

What The CVS Healthcare Expansion Means For Medical Practices

The Status Of Child Health And Wellness In America Today

What Are Home DNA Tests And How Do They Change Our Life?

Why The Psoriatic Arthritis Treatment Market Is Set To Grow

Here’s Everything You Need to Know About Sciatica

Alternative Medicine Practices For Combatting Symptoms Of Menopause

3 Things To Consider When Looking For A Heart Doctor

Preliminary Data Suggests CBD Could Aid in Alcoholism Recovery

3 Things To Consider When Looking For A Heart Doctor

The Value And Criticism Of Robot-Assisted Heart Surgery

Here’s What To Know About Sleep And Heart Health

Is It Time to See a Cardiologist?

Benefits And Common Questions About Dental Implants

Try These Dental Hygiene Tips For A Healthy Lifestyle

11 Overlooked Flossing and Brushing Mistakes that Cause Oral Health Issues

Healthy Teeth is not an Option! It’s a way of Healthy Life

Take These 4 Important Steps For Healthy And Happy Aging

Living Alone When You’ve Been Diagnosed With Alzheimer’s

A Guide To Healthy Aging And Happier Golden Years

10 Early Dementia Signs You Need To Be Aware Of

Why You Should Consider Group Exercise For Weight Loss

Here’s Why To Choose A Home Gym For Your Fitness Routine

How Serious Is Sugar Addiction, And Should You Be Worried About It?

5 Ways Meditation Can Help You With Weight Loss

Here’s Everything You Need to Know About Sciatica

Your Guide to Foot Gains: The 7 Best Foot Exercises for Stronger and More Flexible Feet

Causes Of Lower Leg Pain And Sore Calves To Know About

How To Take Care Of Your Bone Health In Your Forties

3 Nutritious Foods To Eat During Your Second Trimester Of Pregnancy

A High Fiber Diet During Pregnancy May Reduce Celiac Risk In Children

Radiology as an Enterprise Model for Collaboration

Relationship Between Clinical Decision Support Systems (CDSS) & Radiology Must Evolve

Diagnostic Reading #33: Five Must-Read Articles from the Past Week

2015 CPT Coding Changes and Your Radiology Practice

Here’s Everything You Need to Know About Sciatica