Tag: audit

  • Fixed Asset Audit

    Asset auditing is a physical verification process. It amounts to comparing an organisation’s “official list” of assets, as recorded on the books, with the assets actually found on site. By conducting this examination you confirm that the assets listed on an organisation’s balance sheet are real, i.e. that they physically exist.

    Establishing the existence and location of an organisation’s assets along with evaluation of their usable condition is a crucial business task for organisations of any size.

    It involves a physical audit of the assets followed by reconciliation of the findings with the asset register. This is critical for both operational and financial reasons.

    Tracking assets that are mobile (portable) and ensuring they are available, in good condition and locatable is a critical task for any organisation. We at Rincon can handle complete physical audits covering all your locations, which can typically be completed 90% quicker (and more accurately) than a manual paper-and-pen approach, since we use different tags depending on the need.

    Assets can broadly be classified into 3 categories after audit:

    • Available and good to use
    • Available but not fit for use
    • Not available at all

    The reports we generate classify the assets into one of these three categories. Based on Management’s decision, the items in the second basket may be sent for repair, renewal etc., and the items in the third basket may be written off.

    Please send us an e-mail at sales@rincon.co.in if you are interested in knowing more.

  • Fixed Asset Audit Report Ready?

    With the financial year ending soon, how prepared are you to face the auditors?

    Do you have a fixed asset register giving proper details of:

    • Assets Grouping / Class (Land, Plant & machinery, IT assets…)
    • Asset Locations (incl. sub-locations & internal location of assets)
    • Asset Conditions (in use and in good condition, scrapped or written off etc.)
    • Asset Identifiers (Make, Model, Serial No. etc.)
    • Asset Tags (with barcodes, QR Codes, NFC Tags / RF ID Tags)

    We can help with:

    • Verification of assets
    • Reconciliation
    • Tagging
    • Updating of asset records

  • Reblog: Going Beyond HIPAA: 5 HIPAA-Related Pitfalls And How To Avoid Them

    The Health Insurance Portability and Accountability Act (HIPAA) is a very complicated compliance standard to tackle. There are strict privacy requirements surrounding the handling of patient medical and personally identifiable information, but how these requirements are met is left largely up to the individual healthcare organizations. Add HIPAA’s requirements for portability and accessibility to the fact that a given healthcare organization’s electronic medical records (EMR/EHR) system may not be able to communicate directly with another organization’s, and exchanging protected information can get complicated.

    The complicated process of exchanging protected health information (PHI) opens the door to accidental HIPAA violations, and potentially worse, a full-scale data breach. To help, here are 5 common HIPAA pitfalls to avoid while you navigate the path to compliance:

    Insurance Claims Denial

    Every organization that needs to comply with HIPAA should be keenly aware of the costs of a data breach, but what happens if a violation or breach happens anyway?

    Organizations typically have some kind of insurance policy to protect against damages from HIPAA violations or data breaches, but it is not uncommon for their claims to be denied over improperly completed applications, a failure to maintain adequate security, or otherwise not meeting the requirements set by the insurance company.

    Insurance providers may have security requirements that go beyond what HIPAA requires. It is important for organizations to meet these requirements not only to ensure their insurance policy is valid in the event of a breach, but also because they often help an organization shore up its security and so avoid a breach or violation in the first place.

    Lawsuits and Legal Expenses

    The annual Cost of a Data Breach Report 2019 from IBM Security and the Ponemon Institute indicates that one of the biggest expenses related to a data breach is not the fines for the violation itself but rather the “post-data breach response”: everything related to helping customers affected by a breach, as well as the costs of redressing the situation, paying reparations, and dealing with any legal fallout from partners.

    What this means is that while complying with requirements laid out by HIPAA and insurance policies is essential, it is also vital to ensure your organization complies with every other relevant law, standard, business associate agreement, or even contractual obligation. Considerations even extend to things like PCI DSS compliance if a given healthcare organization accepts or handles credit card payments, satisfying state laws for protecting patient and employee information, and ensuring the organization and its employees meet professional licensing requirements.

    There are multiple reasons for this. Not only does compliance with many of these requirements help bolster your organization’s security posture, it also helps to ensure that any available legal protections apply and works to mitigate liability if a HIPAA violation does occur. This in turn can help reduce the overall cost of the post-data breach response.

    For example, if an organization contracted to handle payment processing for a major hospital suffers a data breach resulting in a HIPAA violation, the hospital may hold it responsible for damages if the payment processor failed to meet PCI DSS compliance, regardless of whether it was meeting the requirements for HIPAA compliance. On top of this, the payment processor may see its insurance claim denied for failing to maintain PCI DSS compliance.

    Hardware and Software Misconfiguration

    Setting up an IT environment is complicated in the first place. Add in HIPAA compliance requirements, contractual and insurance obligations, and meeting other applicable standards and legal requirements like the ones mentioned above, and it’s a recipe for confusion. Confusion, in turn, leads to mistakes.

    A best practice for mitigating this confusion is to identify all of the requirements for your IT environment, both the functions it needs to perform and the legal and security requirements it needs to meet. From there, generate a thorough checklist for every individual piece of hardware and software to be implemented, including items such as a proper environment architecture, application security policies, and steps for testing to ensure the environment and all of its components function as intended.

    Falling Out of Compliance

    Basic logging and monitoring is a requirement of HIPAA; however, modern monitoring solutions can do more than meet HIPAA requirements. Many of these solutions not only deliver valuable insights into usage trends in your IT environment but are also capable of proactively identifying security risks. These risks can include misconfigurations, suspicious network activity, and applications or hardware that have fallen out of compliance or need a software update.

    Further, in the event of an audit or incident, a quality logging solution can provide clear insight into user and environment activity. Detailed logs help in rapidly addressing the requirements of a compliance audit as well as in identifying the source of a data breach if one occurs.

    Insufficient Auditing

    An organization leveraging a quality logging and monitoring solution should not stop there, however. While such a solution may deliver meaningful and actionable insights into your environment’s activity, audits remain the best way to assure ongoing compliance. Organizations may rely on internal compliance assessment teams and monitoring solutions; however, it is possible for an organization to erroneously believe it is compliant when it is not. As such, it remains a best practice to engage an expert third party to conduct compliance and security audits, including for HIPAA.

    Every time a new piece of hardware or software is implemented, one of the last steps on the implementation checklist should be to audit the entire IT environment before making it live. An audit serves as a final check to ensure that applications and hardware are properly configured and that the environment is architected in the most efficient way. An audit can also verify that the organization is in fact meeting all of the requirements and criteria of HIPAA and of any other applicable legal requirements and security policies, like those noted above. Finally, the audit can check that security policies, the procedures for implementing them, and evidence that they have been implemented are properly documented, and that those policies have been updated as appropriate.

    If security gaps or any other issues are identified in this audit, the organization then has a chance to remediate them before the environment goes live and the issues turn into real problems. Organizations should use both regularly scheduled and random audits to help avoid any undetected error or issue that could result in a breach or in falling out of compliance. Additionally, in the event of a breach or HIPAA violation, regular audits may help mitigate claims that the organization was negligent in its security practices.

    The original article can be found here.

    For more information e-mail us at sales@rincon.co.in and we will be glad to assist you.

  • Reblog: Top 5 Reasons why faxing is important to business

    How the shift to cloud-based faxing is ensuring fax will stay around – for years to come

    Have you sent a fax lately? A lot of us may answer no, or perhaps recommend just sending whatever document you have by email, or from a multi-function printer as an email attachment. The blogosphere and pundits alike have declared the ‘death of fax’ for many years now. But, much to the contrary, faxing is not dead; indeed, according to Davidson Consulting, faxing is very much alive and in fact growing. For example, Davidson reports that 100 billion faxes are sent worldwide every year and that the market for fax services is forecast to grow at a notable 15.2% compound annual growth rate through 2017. Not too shabby.

    But sending a fax – really? With so many alternatives available, like cloud-based shared folders, FTP, and even Internet of Things (IoT) ‘wearable’ technologies, why are we still using fax, and why is it still alive? Well, if you’ve had to refinance your house, or provide a ‘wet ink’ signature on a legal document on behalf of an enterprise or small business, you know the ‘why’. However, there are some other very pertinent reasons why fax isn’t going away anytime soon that your business or enterprise should be aware of.

    Here are five reasons why faxing is still very much alive and will continue to be a mission-critical mode of document conveyance for consumers and businesses worldwide.

    1. Technology. The wave of cloud services and other public cloud offerings has driven a big shift in the way businesses and consumers consume and share information. The evolution to cloud-based services has enabled an ‘anywhere, anytime’ usage model where music, documents and data sharing can be accessed via any internet-connected device. Cloud faxing is no exception. With email-based faxing over cloud networks, for example, electronic faxing is as easy as sending an email – from any internet-connected device or multi-function device/printer.

    2. Global Reach. While new cloud technologies continue to evolve, faxing is still recognized as a central means of business communication worldwide, since no single technology has superseded it. In fact, many businesses are adopting a cloud-based fax model that simplifies their existing workflows with email-based faxing, with the added benefit of eliminating the need to maintain fax servers, telco lines, maintenance agreements, etc.

    3. Audit and Delivery Confirmation. If your business is in a highly regulated sector like healthcare, finance or legal, you may very well be aware of the implications of compliance regimes such as HIPAA, HITECH, SSAE 16, Sarbanes-Oxley or Gramm-Leach-Bliley, to name a few. Unlike email or mobile text messaging, with electronic faxing the receiving fax must acknowledge that the document was received successfully. This notification is proof that your document was delivered. This transactional audit trail is a critical component of an overall compliance strategy.

    4. Secure. Modern cloud-based fax providers can offer highly secure fax transmissions by enabling the Transport Layer Security (TLS) protocol, delivering enhanced security and peace of mind that your documents are protected by NIST-standard encryption in transit. As an added measure of security, the documents themselves can be stored with Advanced Encryption Standard 256-bit (AES-256) encryption while at rest on cloud networks. A nice advantage over basic email.

    5. Ubiquity. Because electronic faxing has established a foothold worldwide with a universally accepted protocol, fax technology (cloud or physical fax machines) is ubiquitous and deeply integrated into business processes, such as transferring medical records or financial information. Cloud faxing has adapted with the technology to integrate into core business systems such as Electronic Medical Records (EMR) and Customer Relationship Management (CRM) systems using flexible Application Programming Interfaces (APIs). Businesses also receive the added benefit of eliminating the maintenance and overhead of on-premise fax servers and systems.

    As Mark Twain once said after his death was erroneously reported in the New York Times, “…the report of my death has been grossly exaggerated.” The same is true of fax. Fax isn’t dead – it’s just evolving with the times.

    The original article can be found here.

    To learn more, contact us at sales@rincon.co.in