VeriSign Launches Security Certification For Health Information Protection

PRESS RELEASE

MOUNTAIN VIEW, CA, March 2, 2009 " VeriSign Enterprise Security Services today announced the launch of certification services for healthcare organizations looking to take the first step with the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF). HITRUST is an industry collaboration established to change the way sensitive health information is protected and meet growing regulatory compliance demands. VeriSign certification services provide a focused review of your information security program and target environment based upon the objectives and controls established within the CSF.

The HITRUST CSF, which was unveiled today at a HITRUST 2009 launch event in San Francisco, addresses the need for a more consistent and cost effective approach to protecting and exchanging health information and electronic health records. It was developed specifically for healthcare information and provides prescriptive managerial, technological and physical controls scalable to the size of the organization being assessed, as well as an assessment methodology for evaluating the existence of controls against the business and partner requirements as well as federal and state regulations.

"The launch of the CSF accomplishes the critical task of establishing a standard framework for healthcare information security and exchange," said Todd Waskelis, vice president of VeriSign Global Security Consulting. "VeriSign is honored to play an active role in its development and looks forward to supporting the healthcare industry's adoption of this important security framework."

HITRUST collaborated with leaders of the healthcare industry and professional services firms, as well as technology organizations, to create the HITRUST CSF. VeriSign was an early leader in the development effort, contributing to the framework content, the industry review of the framework, and the development of the underlying assessment methodology. The CSF cross-references and enhances industry best practices derived from existing standards and regulations.

"Leaders from across the healthcare industry have stepped up to collaborate with HITRUST on the Common Security Framework, marking an important milestone in the greater protection of health information," said Daniel Nutkis, CEO of HITRUST. "VeriSign consultants played a key role in the development of the CSF and continue to deliver great value to HITRUST through their information security expertise, experience and services."

VeriSign's services for certification of the HITRUST CSF begin with a readiness assessment to evaluate the scope of the certification requirements and determine gaps in the organization's existing security program that would prevent attainment of the HITRUST Certification. VeriSign can then help address these gaps through remediation services including policy, standards and procedures development and program development in the areas of Risk Management, Security Governance, Asset Management, Network Monitoring and Management, SDLC, Incident Response and Management, and Business Continuity Management. Finally, VeriSign will be accredited to perform HITRUST Certification assessment in accordance with the guidance set forth by HITRUST using the CSF as the assessment baseline.

VeriSign consultants are all certified security professionals averaging over 12 years of experience. They perform thousands of assessments annually and assist organizations in all sectors and vertical markets worldwide in the implementation of effective information security management practices.

For more information about VeriSign's HITRUST CSF Certification Services, visit http://entsecurity.verisign.com/global_security_consulting/hitrust_certification_services or call 650-426-5310.

About VeriSign Enterprise Security Services VeriSign Enterprise Security Services is a division of VeriSign, the trusted provider of Internet infrastructure services for the networked world. Through this business unit, VeriSign provides a suite of security services for IT professionals seeking a balance between escalating information security demands and resource availability. The Enterprise Security Services suite includes Managed Security Services, iDefense Security Intelligence Services, and Global Security Consulting. This flexible portfolio of services make use of the most current, real world intelligence, experience and technology to deliver proven solutions that address the growing issues of cost, complexity and compliance that challenge IT security professionals.

Contacts Media Relations: Dan Brennan, Corporate Ink Public Relations, [email protected], 1.617.969.9192