Business Associate Assessment-as-a-Service
Adherence to security frameworks and federal regulations requires every provider to actively manage the security posture of any business associate or third party. This is often a daunting task when you have upwards of 20, 30, 40+ business associates or third parties.
Guardian has a solution that will help. We take on the assessment responsibility of all third-party contracts that manage or process PHI. We use our extensive Security Assessment Questionnaire (SAQ), powered by Qualys, to assess against numerous security frameworks and regulations, including HIPAA/HITECH, PCI, HITRUST and NIST.
Launching and tracking campaigns from SAQ’s central console
The traditional way of conducting these risk assessment surveys – emailing questionnaires and tracking responses on a spreadsheet – no longer cuts it. Using SAQ, Guardian automates these audit campaigns and makes the process agile, accurate, comprehensive, centralized, scalable and uniform across your organization.
- We enter respondent emails in the SAQ web console and SAQ auto-provisions the surveys, sending out links to the web-based questionnaires
- We centrally manage and track the progress of all of your campaigns
- We monitor response activity in dashboards updated in real time, and literally watch as questions are answered
- We let supervisors review the format and content of questionnaires before they’re launched and even while a campaign is in progress
- We set up recurring campaigns that need to be run with a specific frequency
- We support a wide variety of risk assessment use cases within your organization and externally with your vendors, contractors, partners and consultants, including:
  - Auditing current vendors to make sure they remain compliant
  - Evaluating vendors bidding for your business
  - Assessing for the first time a key supplier you just signed up
  - Conducting a “postmortem” assessment of a slip-up by one of your third parties
  - Verifying your employees understand IT security and compliance policies and procedures
We have simplified the process of responding to questionnaires
If the process of filling out a risk assessment questionnaire is cumbersome, this will affect the quality and thoroughness of the answers provided by respondents, as well as their timeliness in completing the surveys. SAQ makes the task intuitive with a raft of convenient features designed to make life easier for respondents, including:
- Quickly and efficiently completing questionnaires from any browser at any time
- Securely attaching evidence files with drag-and-drop convenience
- Delegating questions to other users or user groups based on their role
- Receiving reminder emails regarding due dates and completion status
Document, visualize and share campaign results
The goal of these campaigns is to quickly and precisely identify IT security and compliance gaps among your network of third parties, and within your organization, so you can take appropriate action. SAQ gives you all the tools for displaying, understanding, analyzing and acting on the collected data.
- Provide high-level dashboards for executives and detailed views for internal auditors and compliance officers
- When generating reports, filter data by question criticality and answer scores to derive an overall risk score or identify high risk areas
- Create custom dashboards designed to reflect the risk and compliance postures of specific third parties
- Slice and dice campaign results using a variety of criteria, such as by vendor, respondent or specific questions
- Generate proof of compliance with detailed reports