RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

From: Steve Westerfield <[log in to unmask]>
Date: Thu, 17 Sep 2009 14:31:59 -0500

It has been a while since I have posted, so please allow me to re-introduce myself. I am a partner in
an offsite records/data management company in Omaha, NE.

Regarding the PCI compliance, I would suggest a company headquartered in Kansas City, MO: Fishnet
Security. Our contact there is Michael Epperson. They provide various types of security audits and
have provided our PCI certification audits. I am not sure if they are involved with HIPAA compliance.
The process can be rather complicated, as you mentioned, but it is obtainable.

I will email you the contact information offline. If anyone else needs the information, feel free to
email me.

Steve Westerfield
Benson Records Management Center
Omaha, NE
402-571-3305 x117
www.BensonRecordsManagement.com



-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On Behalf Of King, Douglas
Sent: Thursday, September 17, 2009 1:20 PM
To: [log in to unmask]
Subject: PCI-DSS physical security reviews

[I sent this out in error with the wrong subject line -- I apologize! Resending with a more accurate
one. / dkk]

First a bit of background ... Sedgwick County Government is working hard to achieve PCI-DSS
compliance (that's Payment Card Industry Data Security Standard -- see
https://www.pcisecuritystandards.org/). For HIPAA Security Rule physical security our own Courthouse
Security function has done the on-site reviews, but the Director is reluctant to take on this task
for PCI-DSS -- she is facing possible loss of two positions, which forces her to focus on core
responsibilities. While HIPAA compliance needs inspections of sites with ePHI access every three
years, it appears PCI-DSS would involve annual inspections at even more sites, and criteria are
somewhat expanded.

I am conducting a bit of preliminary research as to the availability of security consultants and
costs for these types of services. We already have a vendor for testing computer systems' security,
but we have not yet identified vendors that have demonstrated expertise for HIPAA Security and
PCI-DSS compliance physical security. Is your organization contracting for physical security reviews?
If so, I would appreciate learning about vendors and costs.

Courthouse Security would continue to do what it calls "law enforcement" reviews as part of
remodeling, renovation and new construction, which it needs to provide its own services and
coordinate with other law enforcement agencies.

Thanks in advance!

// Douglas K. King, Records Mgr / Freedom of Info Offcr, MA, ERM-M
|| Sedgwick Cnty Gov DIO/IT Arch & Compliance / Records Mgmt Srvcs 
|| Sedgwick County Courthouse / 525 N. Main /  Wichita KS 67203
|| 316.660.9846   FAX 316.660.3274   mailto:[log in to unmask]
\\  www.sedgwickcounty.org   "Sedgwick County ... working for you"

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE
RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

