1. Our Services

    • Risk Assessment

      It is a HIPAA & HITECH MU/EHR mandate. It is an introductory clause in ISO 27002. Small practices, large health systems and business associates must comply.
    • Business Impact Analysis (BIA)

      Compliance mandates require a Business Impact Analysis (BIA) exercise to be conducted and the IT Disaster Recovery Plan (DRP) to be created and updated regularly. Are you prepared?
    • Disaster Recovery Plan (DRP)

      Once the BIA is completed, Contingency Plans can be developed using the information identified in the BIA. Typically, two types of Contingency Plans will need to be developed: Emergency Mode Plans for business unit recovery and Disaster Recovery Plans (DRP) for Information Technology (IT) systems and infrastructures.
    • ISO 27000 Consulting & Training

      Discuss ISO 27000 solutions from ecfirst, including ISO 27000 training (one day workshop), ISO 27799 training (one day workshop), ISO 27002 risk assessment and remediation services.
    • Technical Vulnerability Assessment

      One in four has reported a data breach. Compliance mandates require the infrastructure to be assessed from the outside (external), from the inside (internal), firewall (DMZ) and wireless.
    • On Demand Security Consulting

      We at ecfirst refer to this consulting model as "you can do it, we can help." ecfirst resources may be applied to work along with your IT and compliance personnel to help create and update information security policies, technical procedures, processes, forms, supporting documentation and other required tasks.
    • Managed Compliance Consulting

      The Managed Compliance Services Program is tailored to meet HIPAA's requirements and provide you with specialized capability in the areas of vulnerability assessments, BIA and contingency planning, training and certification, as well as audit and evaluation.
  2. Press Release

    • Cyber Risk = Business Risk, An Exec Brief from ecfirst

      IRVINE, CALIFORNIA, USA – May 2, 2015: AT&T settles breach for $25M. Target breach settles at $10M, overall costs in nine figures. The risk from cyber attacks is not significant. It is a Board level issue with organizations today. The intent of this brief is to provide actionable information that senior executives...
    • Information Security Assessment

      Cyber Attacks = Business Risk. Prepared?
      "Businesses must conduct a comprehensive and thorough assessment of the potential vulnerabilities to the confidentiality, integrity and availability of all confidential information, such as Personally Identifiable Information (PII). Such assessments must be conducted on a regular schedule, and best practice in the industry is to complete this exercise annually."
    • ecfirst Video: Compliance & InfoSec Solutions

      Cyber Attacks = Business Risk
    • Prepared for HIPAA Audits in 2015?

      "Reduce Risk with Managed Compliance from ecfirst! Over $25 M in HIPAA Fines & 31 M Records Compromised!"
    • Technical Vulnerability Assessment is a HIPAA Compliance Mandate

      "A key requirement of the HIPAA Security Rule compliance mandate is that organizations must conduct a comprehensive and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all sensitive information such as PII or PHI."
    • Data breach results in $4.8 million HIPAA settlements

      "Two health care organizations have agreed to settle charges that they potentially violated the HIPAA Privacy and Security Rules by failing to secure thousands of patients' EPHI held on their network. The monetary payments of $4,800,000 include the largest HIPAA settlement to date."
    • Information Security Staffing Program (ISSP) from ecfirst

      "ecfirst, an organization rich in hands-on experience delivering information security services across all States in the USA provides the industry’s most flexible program for security staffing. ......"
    • Toolkits for HIPAA, ISO & PCI DSS Released

      "Compliance regulations, such as HIPAA and HITECH, as well as information security standards, such as PCI DSS, ISO 27000 and NIST, establish requirements for mobile device security......"
  3. News & Events

    • Pabrai Security Video Brief

      Checklist for Information Security. Best Practices & Enabling an Audit Ready Program
    • Certified Security Compliance Specialist™ CSCS™, Philadelphia PA

      A 2-Day Instructor-Led Security Compliance Program
      The complete two-day CSCS™ program is of value to compliance professionals and managers, security officers, security practitioners, privacy officers and senior IT professionals...
  4. Virtual ISO

    • Virtual ISO

      ecfirst provides expertise to serve as an organization's Information Security Officer (ISO). Flexible plans exist to address policies, and manage compliance/security projects.
  5. Online Store

    • Online Store

      Download privacy & security policy templates, register for CHP & CSCS classes, access quick reference cards on ISO 27000, HIPAA, HITECH, PCI DSS, NIST, and so much more, exclusively at the Online Store.
    • Checklist

      The Checklist for Information Security includes all of the Checklist documents published by ecfirst.
    • Policy templates

      The ecfirst policy template documents can be easily customized to meet the specific requirements of any type of organization.