ISO/IEC 27001 Certification Awarded to NCQA, an Organization Dedicated to Improving Healthcare
Consult2Comply’s Expert Understanding of the Regulatory Guidelines Helped Keep Business Objectives in Line With the Certification Process and Risk Assessment in Perspective.
October 25, 2010 | Reston, Virginia – Consult2Comply, a premier regulatory compliance software and services provider, announced today that NCQA, a non-profit organization dedicated to improving health care quality, successfully earned an ISO 27001 certification as a result of their partnership and business compliance services.
Steve Crutchley, Chief Executive Officer and founder of Consult2Comply stated that “NCQA began their certification initiative in order to position themselves as leaders in information security for the healthcare industry. This organization is dedicated to healthcare plans, systems and their patients and they have an unprecedented level of commitment to the quality of healthcare being delivered as well as to the integrity and confidentiality of their data. Meeting the standards of ISO 27001 was at the core of how they wanted to do business and understanding what approach was necessary to get things under control was imperative. Naturally they wanted to protect ‘everything’ and didn’t know how to sort it all out”.
NCQA’s accreditation effort was led by Rick Moore, who holds two titles: Chief Information Officer and Chief Information Security Officer. He said, “Steve Crutchley is an expert who showed us exactly how to approach this certification and who understood how to keep our business objectives in line with the process. He helped us understand the ISO guidelines and explained and interpreted the standard in a way that helped us hone in on what was really important and to assess our greatest areas of risk. He brought understanding to our executive team by showing us that not every part of the standard applies to every business need, which allowed us to build an appropriate framework in record time. We were able to balance our business approach and create a well-defined process that will help us grow”.
Rick went on to say, “Even with trained information security professionals on board, we weren’t clear on how to approach something as daunting and without Consult2Comply we would still be struggling. They provided the insight and the tools that helped us do all the heavy lifting, shortened the process and saved us a whole lot of time, money and frustration. Our audit resulted in zero non-conformities so we now know that management would have been left guessing that we got it right without this valuable help. Consult2Comply has given us the understanding and the tools necessary to go forward and enabled us to embed a program into our culture that will always be a part of the fabric of how we do business”.
Consult2Comply is a premier GRC firm that provides compliance infrastructure management services, and compliance software and mapping solutions that support international regulatory standards and best practices for commercial and government enterprises. C2C's web-based, automated compliance platform is designed for improved business performance and audit readiness across the entire organization. Consult2Comply's blended approach of Managed Compliance Services™ (software plus services as a compliance solution) and Compliance Infrastructure Management™ helps organizations align existing compliance infrastructure with the ever-changing regulatory environment. Over 25 years in auditing and consulting in information security and asset management inspired the creation of C2C’s compliance, risk and audit management tools as well as their practical, business-focused approach. For more information, visit www.consult2comply.com.
The National Committee for Quality Assurance (NCQA) is a private, non-profit organization dedicated to improving health care quality. NCQA accredits and certifies a wide range of health care organizations and recognizes clinicians and practices in key areas of performance. NCQA is committed to providing health care quality information for consumers, purchasers, health care providers and researchers. Visit www.ncqa.org for more information.
ISO 27001 is an international standard for IT Service Management. ISO/IEC 27001 requires that management systematically examine the organization's information security risks, taking account of the threats, vulnerabilities and impacts; design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.
Dave Teti 703-391-6010