Bryan Allison

Bryan is a director of information technology assurance and risk services. He focuses on information technology regulatory compliance, including Sarbanes-Oxley, HIPAA, SOC reporting, information privacy and security, fraud prevention, disaster recovery, and business continuity.

Recent Posts

Jan 10, 2019 9:30:00 AM

HHS Finally Offers Cybersecurity Guidance to Healthcare Organizations

I’ve worked with healthcare organizations of all sizes for many years, and questions are regularly asked about what the best controls framework is for building a cybersecurity program. Surprisingly, very little guidance related to cybersecurity has been provided by the government in past years, even though healthcare has been one of the prime targets of hackers. Stories of hacking, phishing, and malware/ransomware have been prevalent on almost a weekly basis. With the majority of healthcare organizations being understaffed and underfunded, efforts to develop a cybersecurity program have typically been done in a piecemeal fashion to meet the bare-bones requirements.

Topics: Cyber Assurance Insights, HHS Guidance, NIST

Aug 9, 2018 9:30:00 AM

Lessons Learned from SOC for Cybersecurity Readiness Assessments

During 2017, the AICPA issued a formal framework to allow independent accounting firms to attest to the cybersecurity-related posture of companies. In connection with this issuance, firms are able to help companies assess their current environment prior to the actual audit. The goal of this assessment is to allow companies to prepare for the audit and ensure their control environment is sufficient to pass the rigorous SOC for Cybersecurity audit. Ultimately, this will allow an annual SOC for Cybersecurity report to be provided to a company's customers, vendors, and investors, showing that the company has adequate internal controls in place around cybersecurity.

Topics: Cyber SOC

Aug 10, 2017 10:00:00 AM

How Secure Are Your Vendors?

The spotlight on the topic of vendor management has been shining even brighter lately, with a large number of data breaches resulting from poor vendor processes. With vendors being a key reason for the success of companies in today’s economy, companies have a responsibility to ensure efficient processes are in place when contracting with and working daily with vendors. Though many companies are limited by funds and resources that can be devoted to vendor management, the process for protecting themselves can be as simple as asking the following questions:

Topics: VENDOR MANAGEMENT, vendor security, Cyber Assurance Insights

Aug 1, 2017 10:37:00 AM

CMS May Want Their Money Back

The old adage ‘Money can make you do crazy things’ can easily be applied to both our personal and business lives. Within the healthcare industry, HITECH incentive payments were offered by the US government several years ago to implement electronic health record systems at hospitals and other healthcare organizations. In order to qualify for these government incentive payments, healthcare organizations were required to carry out regular security risk assessments in order to show that they were meeting the HIPAA Security Rule requirements. As is the case with many government incentives, a large number of healthcare organizations properly followed the rules and carried out the security risk assessments while a select number received the HITECH incentive payments without doing so.

Topics: Cyber Assurance Insights, HITECH

Jan 19, 2017 10:00:00 AM

Vendor Management: Ignore at Your Own Risk

In this busy, ever-changing business world, management has so many things to worry about that some key business responsibilities often get overlooked. One key area that is front and center on a daily basis, but is often ignored by businesses of all sizes, is the topic of vendor management. It’s hard to identify a business that doesn’t have some form of relationship with vendors. A vendor could be as simple as the person who brings the daily coffee or as complex as the offsite company that manages the servers on which key patient and financial data resides. Though the coffee guy may not have access to any information while on site that could harm the business, vendors that have access to key data for a business could see their names in the headlines if proper security protocols aren’t followed.


Oct 18, 2016 10:01:00 AM

Where is Your Data? Why Performing a Data Inventory is Integral for Companies in this Digital Age

There’s no denying that the days of printed documents are a distant speck in the rearview. Industries are becoming much more reliant on automated systems and processes versus the manual ledgers and manila files of yesteryear.

Topics: data security, data storage