Milliman Security Management System
Compliance FAQs

 

How does MS2 help achieve compliance?

 

Maintaining an overall security management process is generally much more important than the implementation of specific safeguards in achieving compliance.  For the most part, regulations acknowledge that organizational security needs and issues vary and that an organization must establish the safeguards most appropriate and reasonable for the business processes and purposes of that organization. MS2 provides a process and framework to establish and document a comprehensive security program to meet regulatory intent, to conduct a security audit, and to prepare needed reports.

 

In addition, MS2 maps an organization’s security practices to major security standards that support the compliance audits. MS2 supports, but is not limited to, the following generally accepted and published industry security practices:

  • National Institute of Standards and Technology (NIST)
  • Department of Health and Human Services (DHHS/CMS)
  • Information Systems Security Association (ISSA)
  • Information Systems Audit and Control Association (ISACA)
  • ISO 17799 Standards
  • WEDI/SNIP Organizations
  • State Health Association Organizations

Compliance FAQs

  • How does MS2 help implement and maintain an effective security compliance program?
  • How does MS2 help ensure that the proper security safeguards are in place?
  • How does MS2 help your organization comply with Sarbanes-Oxley?
  • How does MS2 help with Gramm-Leach-Bliley Act (GLBA) compliance?
  • Are all the elements of the GLBA Safeguard Rule included in MS2?
  • What kind of security risk assessment methodology does MS2 use and does it conform to NIST (National Institute of Standards and Technology) protocols?
  • Why does MS2 map controls to standards such as NIST and ISO?
  • What is the ISO 17799 standard, and why is it so important?
  • Does MS2 calculate a Return on Investment (ROI) for the security gaps identified during the risk and gap assessment?
  • How does MS2 help achieve HIPAA compliance?
  • Which features in MS2 help organizations achieve HIPAA Security compliance?
  • What is the definition of common control?
  • If my vendor says that the system we are using is HIPAA Security compliant, does that mean we are also HIPAA Security compliant?