The technical and physical security of your data environment is only as strong as the people who run it. Employee training cuts down on human error, promotes security awareness and may prevent a data breach or allow for its early detection.
Online Tech maintains a strong culture of security and compliance by providing periodic security training to all employees for managing day-to-day operations, including training for all new employees. We implement stringent background checks, training and termination procedures to protect your servers and data.
For HIPAA compliance, meeting the standard for Security Awareness and Training (164.308(a)(5)) is part of implementing the Administrative Safeguards required by the HIPAA Security Rule. Acknowledging that many security risks and vulnerabilities are internal, the standard requires:
Implement a security awareness and training program for all members of its workforce (including management).
The rule requires training of the entire workforce by the compliance date of the Security Rule, with additional periodic retraining whenever any environmental or operational changes occur that may affect the security of sensitive data. With any new policies and procedures, upgraded software or hardware, new security technology, etc., security retraining is required.
For PCI compliance, requirement 12.6 mandates that a company implement a formal security awareness program to make all personnel aware of the importance of cardholder data security, and that it educate personnel upon hire and at least annually.
Requirement 12.9.4 also mandates that staff be provided appropriate training to uphold security breach response responsibilities.
When it comes to data security and compliance, don’t take chances with your hosting provider - they are an important link in the chain of trust. Ask your hosting provider for the last dates and documentation of employee security training.