Session Description:
Please join us as Michael Frederick, Vice President of Operations at HITRUST, Adrian Christie, Risk Assurance Director and Brent Stevens, Risk Assurance Manager at PricewaterhouseCoopers as they walk us through a full day of topics ranging from an overview of HITRUST and its offerings to how organizations can leverage a SOC 2 + CSF certification created under AICPA guidance. Interact with these subject matter experts along with other healthcare professionals, auditors and third party risk managers as we discuss the following topics:
· Background on HITRUST
· Overview of the HITRUST CSF framework and its mapping
· Walkthrough of the MyCSF (GRC) tool
· HITRUST CSF Assurance Program
· Types of assessments (self assessment, validated assessment, certified assessment)
· SOC 2 + HITRUST CSF Reporting
· Privacy and HITRUST
· Future Plans for HITRUST in 2017 and Beyond
Michael Frederick and Adrian Christie will also lead a Q&A discussion following the event.
Speaker Bios: Michael Frederick has 20+ years’ experience in information security. He is currently the Vice President of Operations at HITRUST. Prior to joining HITRUST he was CEO of The Frederick Group, a professional services firm focused on security risk management in healthcare. He served as Chief Information Security Officer (CISO) for eight years at a large healthcare system. While in this role, he led the organization in becoming the first hospital system to be certified under the HITRUST CSF and was the industry lead in the provider space during the development of the CSF. He has been a speaker at numerous security events and has been published on the topics of risk management, applying security practices within an organization, and how to build an effective security organization. Prior to his CISO role, he was a security architect, security manager in industry and a security consultant in various large accounting firms. He has been a Certified Information System Security Professional (CISSP) since 1999.
Adrian Christie is a Boston-based Risk Assurance Director serving healthcare provider and payer clients in the Northeast and across the country. Adrian’s experience includes more than 10 years of delivering and managing a wide range of audit and advisory services.
He has experience leading information technology (IT) systems and controls audits and assessments for many of the Northeast's most prominent healthcare organizations. This includes IT general controls audits associated with year-end financial reporting, SSAE16/SOC1 and SOC2 reporting engagements, as well as monitoring services in connection with Department of Health and Human Services’ Office for Civil Rights (OCR) resolution agreements and corrective action plans. Adrian has also managed internal audit functions through an outsourcing or co-sourcing relationship. Responsibilities include conducting risk assessments, developing risk-based internal audit plans, defining scope and managing the execution information security audits, and delivering results and recommendations to senior management and audit committees.
Finally, Adrian has led various advisory services to assess information security controls specific to HIPAA, HITRUST Common Security Framework (CSF) readiness and certification, as well as provide IT strategy and system implementation guidance.
Brent Stevens is a Manager within PwC’s Risk Assurance practice located in Boston, specializing primarily in Process Assurance and Trust & Transparency Solutions, and servicing clients within the Insurance and Healthcare industries. Brent is a member of PwC’s National Center of Excellence for HITRUST services, and assists clients in both improving and assessing their organizations against the HITRUST CSF through gap and readiness assessments, remediation assistance, and formal validated assessments with HITRUST. Brent is a Certified Common Security Framework Practitioner (CCSFP) with HITRUST, and a Certified Information Systems Auditor (CISA) with ISACA. Brent has over 8 years of audit, process and controls experience, including internal and external assurance services related to both public and private companies, and has developed expertise in the development and execution of risk assessments, audit programs and strategy related to Sarbanes-Oxley (SOX) 404 IT General Controls audits, SOC 1 reporting, and the development of risk mitigation strategy, management and execution of internal audits on behalf of Management teams in both outsourcing and co-sourcing arrangements. Brent is also responsible for communicating observations, recommendations and suggested areas for improvement to Senior Management across his client portfolio.
CPEs: 7
Seminar Registration: 7:30am-8:00am
Seminar Time: 8:00am-4:30pm
Cost: $100 members / $125 non-members / $50 students
Register 3 and the 4th is free!
Contact president@isaca-ri.org with the names of 3 regsitered from your company and name of the 4th person who will be noted as free on the registration form at the event.
Continental Breakfast and Lunch Included
Registration is limited to 100 - please register early.
Cancellations / Refunds Policy
Payment is due on, or before, the scheduled session. Cancellations must be received seven (7) calendar days prior to a seminar date; if you already paid in full, a full refund will be provided. If you need to cancel within the seven calendar days prior to a seminar and you already paid, you will not receive a refund however you may defer your payment towards a future seminar. Please note that we need to adhere to our policy in order to offer our members quality training sessions and to help us plan for seminar expenses (room/food).
