Baylor College of Medicine – Human Genome Sequencing Center
BCM-HGSC’s NIH Grant requires compliance with FISMA guidelines including NIST 800-37 (RMF) and NIST 800-137 (Continuous Monitoring). BCM-HGSC was required to demonstrate initial compliance on a tight timeline. This required them to quickly onboard deep expertise and process experience to ensure they met this goal. BCM-HGSC also wanted to implement a risk management program for their security authorization & assessment (SA&A) process.
BCM-HGSC called on TalaTek to help with their immediate need for FISMA compliance. Once the initial project was complete, BCM-HGSC engaged TalaTek to develop a risk management program for their unique needs including current compliance requirements and future requirements. Today BCM-HGSC tracks compliance with over 300 Moderate NIST 800-53, Rev. 4.0 controls via continuous monitoring.
As BCM-HGSC expands its operations, they now have the need to demonstrate compliance with HIPAA Privacy and Security rules. TalaTek performed an initial gap analysis, including a mapping of HIPAA controls and requirements to FISMA controls currently implemented in the BCM-HGSC environment. A HIPAA implementation plan from TalaTek will include the recommend steps for integrating HIPAA controls into their existing risk management program.
-Information System Owner (ISO), Baylor College of Medicine – Human Genome Sequencing Center