business What are the two most essential elements of data security? June 27, 2017 Two crucial aspects of a successful data security system? Well, let’s just say your system is very weak without a data security risk assessment and a data security breach response. Data security is commonly referred to as the confidentiality, availability and integrity of data within your company. The two most essential elements of data security are a data security risk assessment and data security breach response—does your organization have these in place? Data security risk assessment-what to include Identify Protected Information For data security reasons, you and your company at large should be familiar with PII and PHI. Personally identifiable information (PII) Personal health information (PHI) There is a lot at stake if your PII and PHI are compromised, as you might imagine. For this reason, be sure to pinpoint exactly what is PHI and PII, and the security measures you have in place to safeguard them. Summarize the system architecture and components and the overall level of security. List threats and vulnerabilities, system’s current security controls, and risk levels. Recommend safeguards and describe the level of risk expected to remain if these safeguards were to be implemented. Pinpoint where your company needs to concentrate its attention. Data security breach response This is sometimes referred to as an incident response plan, and is an essential component in ensuring your company is able to properly respond to a data breach. Elements to include.... Documentation of events leading up to and immediately following the breach detection. Communication with everyone in the company about what happened and how they should reply to any external queries. Immediate establishment of the ‘designated response team,’ (especially legal counsel), to determine whether your company needs to involve law enforcement and/or regulatory agencies. Pinpoint the cause of the breach and implementation of necessary steps to resolve the issue. Schedule for notifying those whose data was compromised. Your designated response team, i.e. lawyers will review state laws, compliance regulations, and other mandates affecting what the notification must include and how soon it must happen, as well as how much compensation affected victims should be given. A company’s data security system is nothing without a properly executed data security risk assessment and data security breach response. Need help getting your foot in the door with these two plans? Our Information Security Services Team can help.