In this episode of CyberPHIx, Derek Vorpahl, VP and CISO at Davis Vision, discusses security certifications such as HITRUST and SOC 2. Davis Vision is a national provider of managed vision care plans.
Derek and Brian Selfridge, Meditology Services Partner, hold a candid conversation about where certifications fit into the overall spectrum of information security risk management tools for healthcare organizations.
Listen as Derek answers the following questions:
- Do security certifications reduce the number of audit inquiries?
- Can certification requirements be useful in day-to-day information security risk management?
- What advice do you have for organizations in the early stages of the certification process?
- What staffing resources do you need to complete the certification process?