A major healthcare technology provider retained Bryghtpath to ensure their resilience program for business continuity, crisis management, and IT disaster recovery met the requirements for HITRUST certification.
The Opportunity
Bryghtpath was retained by the General Counsel and the Chief Security Officer to review the organization’s current resilience capabilities for business continuity, crisis management, and IT disaster recovery to prepare the organization to obtain HITRUST certification.
Approach and Results
Bryghtpath began this engagement by utilizing our Resiliency Diagnosis® process to evaluate the organization’s resilience capabilities for business continuity, crisis management, and IT disaster recovery. This review focused on assessing the program’s maturity against the ISO 22301 standard and the HITRUST controls they would be evaluated against later in the year.
Once our evaluation was completed, we worked across three specific workstreams within the client’s organizations to mature their business continuity, crisis management, and IT disaster recovery programs. In particular, the organization needed to refresh and exercise its business continuity and crisis management plans. A more in-depth business impact analysis (BIA) process was developed and executed across the organization.
From an IT Disaster Recovery perspective, the organization needed to create new IT Disaster Recovery Plans for more than 80 critical applications and services representing a mix of on-premise and cloud-hosted environments (Amazon Web Services & Microsoft Azure).
Once plans were completed, we worked with the infrastructure, operations, and product teams to test their recovery plans and capture the necessary evidence for HITRUST certification.
The engagement ended with our consultants coaching the client through HITRUST assessment interviews, assembling required evidence for the assessors, and developing a post-assessment action plan for identified opportunities.
The organization achieved its HITRUST certification with ease. We’ve since assisted them in recertification efforts every two years since the initial work was completed.
Key Activities
- Review of existing resilience capabilities utilizing our Resiliency Diagnosis® methodology focused on both ISO 22301 and the HITRUST requirements
- Revision of the organization’s business continuity, crisis management, and IT disaster recovery plans and related documentation to meet HITRUST requirements
- Discovery meetings with more than 30 stakeholder teams across the organization
- Established standards and requirements for business continuity, crisis management, and IT disaster recovery exercises
- Facilitated multiple business continuity & crisis management exercises, documenting lessons learned in line with HITRUST requirements
- Oversaw the creation of more than 80 disaster recovery plans and the execution of disaster recovery tests for on-premise and cloud-native applications & services
- Coached internal teams through HITRUST assessment interviews and evidence collection
Outcomes
- Achievement of HITRUST certification for on-premises and cloud-based systems
- Completion of multiple business continuity & crisis management exercises within a sustainable process
- New IT Disaster Recovery Plans for more than 80 applications and services, each thoroughly tested and documented.
- Improvements to resilience program documentation, plans, and processes for business continuity, crisis management, & IT disaster recovery
Download a PDF copy of this case study
We can help.
Let the experts at Bryghtpath put their decades of experience to work for your organization
We’ve designed, facilitated, and evaluated active shooter exercises for
Fortune 500 organizations around the world.
Our team has the experience, tools, and partnerships to help your organization successfully navigate the rough waters ahead – and ensure your organization is prepared.