Leading CRM Provider Improves Configuration Checks on AWS Resources to Comply with HIPAA Framework

Published on June 16, 2023

Challenge

A globally recognised CRM provider engaged Protiviti to help determine methods to better protect customer data while complying with each customer's unique regulatory requirements. The client needed an efficient method to perform configuration checks on AWS resources to ensure it would remain compliant with the HIPAA framework so that it could grow its footprint in the healthcare industry.

Client Snapshot

Profile

This leading CRM provider has built its globally recognised brand by earning the trust of its customers through transparency, security, compliance, privacy and performance to deliver the industry's most trusted infrastructure.

Client Situation

The client needed to more effectively protect customer data and comply with each customer's regulatory requirements.

Work Performed

Protiviti worked with the client to implement AWS Config and to manage AWS Config rules, conformance packs, and aggregators to build a comprehensive solution.

Outcome/Benefits

Provided a master list of all in-scope resources that can enable or disable encryption at rest.

Identified risk areas across 50+ AWS resources to be adjusted prior to declaring a HIPAA self-certification.

The client's GRC and engineering teams saved 6000+ hours in sampling AWS resources across all its conformance pack services.

Topics: Cybersecurity and Privacy; IT Management, Applications and Transformation; Risk Management and Regulatory Compliance