On Thu, Dec 14, 2017 at 10:52 PM, Jock Philip <firstname.lastname@example.org> wrote:
> Thanks Clifford,
> Unfortunately, this is a hospital that’s decided to hire a consulting
> group that’s going through every vendor and expecting them to comply with
> certain guidelines. We’ve been assigned a risk rating that is “high”
> primarily because we’re a small company so we are getting a certain amount
> of scrutiny.
Ah yes, the external consultants. That’s a variation on the “new guy out to
impress his boss” theme. Is your software certified for some meaningful
use(s)? If not, you’re in for a long haul and great expense. I’ve been
through it and it’s much more onerous, complex, and expensive than the PCI
certification process. PCI certification can be done in a matter of weeks.
It took us about two years from the time we started the process by the time
we got our certification and that is just against the 2014 specifications.
The 2015 specifications are different and require another round of
development and testing. One of the many things you’d be addressing in that
process is security.
+1 647-778-8696 <(647)%20778-8696>
Manage your list subscriptions at lists.omnis-dev.com