Print

Print


[I sent this out in error with the wrong subject line -- I apologize! Resending with a more accurate one. / dkk]

First a bit of background ... Sedgwick County Government is working hard to achieve PCI-DSS compliance(that's Payment Card Industry Data Security Standard -- see https://www.pcisecuritystandards.org/). For HIPAA Security Rule physical security our own Courthouse Security function has done the on-site reviews, but the Director is reluctant to take on this task for PCI-DSS -- she is facing possible loss of two positions, which forces her to focus on core responsibilities. While HIPAA compliance needs inspections of sites with ePHI access every three years, it appears PCI-DSS would involve annual inspections at even more sites, and criteria are somewhat expanded.

I am conducting a bit of preliminary research as to the availability of security consultants and costs for these types of services. We already have a vendor for testing computer systems' security, but we have not yet identified vendors that have demonstrated expertise for HIPAA Security and PCI-DSS compliance physical security. Is your organization contracting for physical security reviews? If so, I would appreciate learning about vendors and costs.

Courthouse Security would continue to do what it calls "law enforcement" reviews as part of remodeling, renovation and new construction, which it needs to provide its own services and coordinate with other law enforcement agencies.

Thanks in advance!

// Douglas K. King, Records Mgr / Freedom of Info Offcr, MA, ERM-M
|| Sedgwick Cnty Gov DIO/IT Arch & Compliance / Records Mgmt Srvcs 
|| Sedgwick County Courthouse / 525 N. Main /  Wichita KS 67203
|| 316.660.9846   FAX 316.660.3274   mailto:[log in to unmask]
\\  www.sedgwickcounty.org   "Sedgwick County ... working for you"

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]