Certifications Should Be More Than a Check-the-Box Exercise

You work hard to ensure security protocols are in place to protect your customers’ data and you are confident you are a trustworthy business partner.  But how do you demonstrate that trustworthiness? One way is to go through a long, tedious process to show evidence of what you do and how you do it to be compliant.  Unfortunately, a risk and security assessment can take 6 to 18 months and eat up a lot of resources – time and energy no one has to spare in today’s fast business environment.

Certifications are good for everyone

Increasingly, organizations want to see they are working with other businesses who can demonstrate proof of compliance with certifications. Businesses that have certifications can respond to new partnership opportunities quickly and confidently, without the stress and hassle of going through lengthy assessments. A certification is an official statement that says you are secure, allowing you to move forward with plans for profitable and beneficial business relationships. This ability to respond quickly puts you at a competitive advantage and boosts your reputation in the market.

You’re ready to get certified. What’s next?

There are a few ways you can go about getting certified. You can hire and assign resources within your organization to do the required assessments, working through hundreds of questions that may in themselves create more questions than answers for your already busy team while distracting from your core business activities. Some organizations may consider hiring a professional assessor who is approved to certify. Small to mid-size organizations may find this option cost-prohibitive, as the assessor spends invasive time learning about your business and going back and forth with your internal resources.

Kuma offers another approach

Kuma’s highly experienced security and privacy experts can guide you through the efficient process with milestones and expert advice along the way, making it possible to get through each part of the assessment with confidence you are doing it right, while at the same time maturing your security and privacy practices. Today certification efforts are focused on “pass/fail” or “check the box” activities and this is a waste for everyone involved. We focus on maturing your organization’s security and privacy program and ensure that a successful certification comes as a result. Once you are ready for the final steps, Kuma can either certify or partner with approved assessors to guide you the rest of the way to certification approval. This hybrid approach saves both time and money, without compromising expertise and quality outcomes and positions the certification activity as a tool to improve your business.

Kuma has extensive experience with certification and assessment schemes in the field of information and identity assurance, including FICAM evaluation of identity and credential service providers, FISMA evaluations of Federal information technology systems and information programs, HIPAA and HITRUST standards of health information, ISO27000 information security management systems and Public Key Infrastructure audits, and GAAP, NIST 800-53 and FIPPs from a privacy perspective. We can support certification and assessment, or gap analysis and readiness support for these schemes.

Learn more about how Kuma can help you.

Kuma is pleased to announce our partnership with ControlCase – a certified HITRUST assessor

Kuma is a proud partner of ControlCase, an approved certification assessor for HITRUST. Kuma’s approach to readiness, coupled with ControlCase’s certification methodology, is helping healthcare organizations transform their security and privacy programs. We are pleased to support ControlCase’s annual users conference, “2018 Data Security and Compliance,” taking place November 14 and 15. Kuma’s EVP of Privacy, Jenn Behrens, will be presenting the following:

Demystifying Privacy:  GDPR, California, New York & the Future – What Should I Be Doing?  
Wednesday, November 14 – 9:30 – 10:15 AM

Recovering from Red – The Road to Health after a Breach
Thursday, November 15, 1:00 – 1:50 PM

Meet Josh Goldberg, Kuma’s Director, Security & Compliance

As part of the Kuma team, Josh oversees audit certifications and helps organizations with evidence needs like policy development and implementation. He also assists clients in creating compliant and secure cloud environments. Josh found his way to compliance through previous experience as a Cloud Network Engineer, where he gained fluency in PCI/HIPAA/HITRUST/SOC2 Audits and Certifications. His advice for organizations who decide to go forward with certifications? Be patient. It’s a long process, but if done right, you can mature your organization’s security and privacy programs along the way.

Originally from Miami, Josh now lives in Raleigh, North Carolina. At an early age, Josh had a passion for computers and was determined to find a career in IT. His favorite number is two; back in the day when pagers were the thing, two became his “beeper code” ID for friends. When he’s not guiding Kuma clients away from the pitfalls of compliance certifications, he spends time with his wife, 10-year-old daughter and 4-year-old son, to whom he attributes his inspiration. He wants to give them all they deserve and more. His favorite family tradition is opening all the gifts on Christmas Eve, and if he could pick a superpower it would be super speed, to clean up after his kids, pets, and all that wrapping paper at lightning speed! When asked who he’d most like to swap places with for a day, he points to one of his three cats, especially pampered members of the family who sleep 23 hours a day. He is currently watching The Haunting of Hill House and American Horror Story on Netflix, and the last book he read was a Steve Jobs biography. His favorite travel spot is St. Lucia, and the best concert he’s ever been to was Ed Sheeran. Last, when asked to share with us his favorite quote, Josh shared, “Be yourself; Everyone else is already taken.” Connect with Josh on LinkedIn.

The process doesn’t have to be painful

The good news is Josh and the Kuma team are here to support your certification, assessment, and readiness process and make it as painless as possible. Contact us to find out how we can help you.
