
Credit Union IT Controls Review

FFIEC / NCUA / FDIC

Our Information Security Managerial Controls Review (MCR) assesses the organization's security program, including:

  • Policy Documentation

  • Information Systems Policies Review and Assessment

  • Procedure Documentation

  • Technical Controls and Aggregate Security

Through interviews, documentation review and testing, E3 evaluates an organization's adherence to a desired standard. This standard can be a specific security standard (like NIST) or industry best practice. Managerial and operational (policies and procedures) controls are the foundation of all organizational security controls.

IT managerial and operational controls should set the tone for the organization with regard to information security. For nearly 20 years E3 has been providing credit unions with gap assessments for their IT controls based on FFIEC, NCUA and state examination standards.


Are you interested in E3 Services? Do you want more information or a proposal? For more information or to receive a Request For Proposal questionnaire please contact us toll-free at (866) 585-8324 or via email at webmaster@e3tech.net.
— Exceeding Every Expectation

Bank IT Controls Review

FFIEC / FDIC / GLBA / FACTA

Our Information Security Managerial Controls Review (MCR) assesses the organization's security program, including:

  • Policy Documentation

  • Information Systems Policies Review and Assessment

  • Procedure Documentation

  • Technical Controls and Aggregate Security

Through interviews, documentation review and testing, E3 evaluates an organization's adherence to a desired standard. This standard can be a specific security standard (like NIST) or industry best practice. Managerial and operational (policies and procedures) controls are the foundation of all organizational security controls.

IT managerial and operational controls should set the tone for the organization with regard to information security. For nearly 20 years E3 has been providing banks and other financial institutions with gap assessments for their IT controls based on FFIEC, GLBA, FDIC, FACTA and state examination standards.



Security Best Practice Standards

ISO 27002:2013

Our Information Security Managerial Controls Review (MCR) assesses the organization's security program, including:

  • Policy Documentation

  • Information Systems Policies Review and Assessment

  • Procedure Documentation

  • Technical Controls and Aggregate Security

Through interviews, documentation review and testing, E3 evaluates an organization's adherence to a desired standard.

The ISO 27002 security standard is one of the industry's most comprehensive and is recognized across various types of businesses. Initially developed as BS7799, the ISO 27002 security standard continues to be updated to set best practice standards for an organization's information systems.



Government Cyber Security Assessment

NIST 800-53

Our Information Security Managerial Controls Review (MCR) assesses the organization's security program, including:

  • Policy Documentation

  • Information Systems Policies Review and Assessment

  • Procedure Documentation

  • Technical Controls and Aggregate Security

Through interviews, documentation review and testing, E3 evaluates an organization's adherence to a desired standard.

Many governmental agencies are required to achieve the NIST 800-53 accreditation. E3 has worked with both federal and state agencies to meet the certification and accreditation process. The 800-53 standard evaluates groups of controls in the areas of management, operational, and technical safeguards (or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. The standard has gone through five revisions and our consultants are experienced with each.



Government Cyber Security Assessment

NIST Cyber Security Framework

Our Information Security Managerial Controls Review (MCR) assesses the organization's security program, including:

  • Policy Documentation

  • Information Systems Policies Review and Assessment

  • Procedure Documentation

  • Technical Controls and Aggregate Security

Through interviews, documentation review and testing, E3 evaluates an organization's adherence to a desired standard.

This security framework is a voluntary standard consisting of guidelines and best practices to manage cybersecurity-related risk. E3 has worked with both version 1 and 1.1 of the framework and has helped government and private organizations that have chosen to adopt this methodology for managing their information security risk. There are five main categories within the framework, and each of the five is broken into sub-categories with defined objectives. We can help assess whether organizations are meeting these objectives and identify areas of weakness that need to be improved.



Security Assessment for Non-Governmental Organizations

NIST 800-171

Our Information Security Managerial Controls Review (MCR) assesses the organization's security program, including:

  • Policy Documentation

  • Information Systems Policies Review and Assessment

  • Procedure Documentation

  • Technical Controls and Aggregate Security

Through interviews, documentation review and testing, E3 evaluates an organization's adherence to a desired standard.

Many organizations work with or provide services for governmental organizations. The protection of sensitive federal information while residing in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business operations, including those missions and functions related to the critical infrastructure. We can help your non-governmental agency assess its adherence to this mandated security standard.



HIPAA Security Assessment

Description

The Health Insurance Portability and Accountability Act (HIPAA), signed into law in August 1996, requires the Department of Health and Human Services (DHHS) to adopt national uniform standards for the electronic transmission of certain health information. The intent of HIPAA is "administrative simplification" and protection of patient privacy. 


Detail

DHHS divides proposed security requirements into the following four groups:

  1. Administrative procedures - documented general practices for establishing and enforcing security policies.

  2. Physical safeguards - documented processes for protecting physical computer systems, buildings, and so on.

  3. Technical security services - processes that protect, control, and monitor access.

  4. Technical security mechanisms - mechanisms for protecting information and restricting access to data transmitted over a network.

Who is affected by HIPAA regulations?

HIPAA affects all health care organizations. In particular, organizations will need to focus on HIPAA compliance in the following areas:

  • Electronic data interchange (EDI) transactions for health plan enrollment, eligibility, claims payment, premium payment, coordination of benefits, and referral/authorization - HIPAA will mandate specific EDI transaction standards and code sets for data.

  • Storage and reporting of identifiers - Patient IDs, provider IDs, payer IDs, and employer IDs will be standardized under HIPAA for purposes of electronic transactions. As a result, information systems devoted to administrative, financial, and clinical applications must be able to capture, store, and report these identifiers.

  • Protecting confidentiality of individually identifiable patient information in an automated system - Organizations must be able to demonstrate sound practices that protect patient confidentiality and security.

Organizations and vendors in the health care industry will need to understand the elements of HIPAA and be aware of the required changes. Providers and health plans will need to review their current information systems for HIPAA compliance. Organizations should also closely review their current confidentiality and security practices. Third party reviews are required. Also, providers and health plans will need to institute policies for selection and acquisition of new information systems that require vendors to demonstrate compliance with known HIPAA requirements and a commitment to meet future requirements.
