shayre, as developer and supporter of the “shayre” file synchronization software application, continues to undergo internal and external Security and Risk Assessments, leading to GAP Assessment and Remediation Planning, as well as Policy and Procedure creation and updates. These assessments pertain to procedures and practices related to software development, technology environment and management, and personnel. They are instrumental in the process of a) avoiding and mitigating security risk, b) managing IT policies and procedures going forward, and c) seeking industry certifications, and ensuring that shayre follows best practices required by such certifications that are maintained by prospective and existing clients.
The most recent exercises included both Internal and External Assessments carried out in conjunction with TipLynx and Compliancy Group, resulting in verification of various policies and procedures in place, and certification as HIPAA security compliant.
In addition to the Internal and External Security & Risk Assessments already completed, shayre is currently undergoing further Assessments with regard to HITRUST certification and the MPAA Content Security Best Practices Program and certification. A synopsis of the Security Assessments recently concluded is outlined below.
TipLynx assisted shayre in performing an internal assessment covering the following areas, and found that they are all being addressed satisfactorily and actions are planned or underway to further decrease any GAPS in policies or procedures.
In addition, an External Assessment was conducted by Compliancy Group to determine the state of security at shayre and our shayre file sharing application, related to current HIPAA Compliance standards. shayre was found by Compliancy Group to be “HIPAA Compliant”, achieving their highest rating and “HIPAA Seal of Compliance”. A link to the Compliancy Group’s company verification process, and a copy of their seal of approval that is associated with shayre are below.
As part of the Compliancy Group’s Assessment process, the following areas were addressed in a training program for all principals and employees of shayre. Each participant was required to pass tests and attest to completion and understanding of all training areas, policies, and procedures.
In addition, several risk audits were done, generating Policy and Procedure documents and manuals which were uploaded to an active web portal developed for storage and maintenance of all shayre security policies and procedures.