Cornerstone of Compliance Mandates Are Policies

Are your organizational privacy and information security policies updated to meet compliance mandates? Be it State (California, Massachusetts or over 40 others), Federal (HIPAA Privacy, HIPAA Security, HITECH Act), Industry Standards such as PCI DSS or ISO 27000 – all require policies to be developed, approved and communicated to all members of the workforce!

Are your policies ready?

Already in use at hundreds of organizations, the ecfirst bizSHIELD™ Policy Templates are the most complete in the industry. Any company or agency can easily tailor the policies; Edit & Go!

Furthermore, with every download of an ecfirst Policy template – you get an Industry First – complimentary 30 minutes of conference call time with ecfirst compliance and security experts – to address any questions you may have!

HIPAA Privacy Policy Template Set

All covered entities are required to create HIPAA Privacy Policies as per the guidelines of the HIPAA Privacy Rule. Most of these policies are used in day-to-day administration.

“Essentially, a covered entity is required to develop and implement policies and procedures appropriate to the entity’s business practices and workforce that reasonably minimize the amount of protected health information used, disclosed, and requested;” – HIPAA Privacy Rule 45 CFR Part 160.

Information Security Policy Template Set

The bizSHIELD™ security methodology identifies seven critical steps for an organization to establish a comprehensive framework for defending sensitive business information such as electronic Protected Health Information (EPHI) and vital assets. It is a road-map to safeguard not just your digital assets but the organization’s information infrastructure as a whole. The bizSHIELD™ security methodology includes these vital and necessary HIPAA security policies; now available exclusively through ecfirst – Home of the HIPAA Academy.
The security policies have been customized to meet the specific requirements of the HIPAA Security Rule. Over 60 specific security policies are included in the package and address the HIPAA Security Rule Standards and associated implementation specifications. Additionally, several best practices policies are included with this set that go above and beyond the Security Rule requirements.

ISO 27000/2 Policy Template Set

Organizations are increasingly considering applying the family of ISO 27000 international security standards to comply with various U.S. federal and state regulations such as HIPAA, HITECH, as well as standards such as the PCI DSS. The ISO 27000 is a global standard that provides a comprehensive framework that organizations can adopt to address compliance requirements and establish a resilient information infrastructure.

The ecfirst ISO 27000/2 policy template is complete and comprehensive and may be used to jumpstart your efforts to adopt ISO 27000 as the framework for information security. Also check out the ISO 27002/HIPAA Security Matrix now available as a download. A terrific reference as you look to address HIPAA Security mandates with ISO 27002 as the framework.

PCI DSS Policy Template Set

The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally.

The ecfirst PCI DSS policy templates are based upon the 12 requirements and the associated sub-requirements of the Data Security Standard. These policies are designed for use by any organization needing to comply with PCI-DSS and are highly suitable to be tailored for broader information security policy mandates. These policies were meticulously designed by information security experts and can assist your organization in meeting the policy requirements of PCI and better securing your organization.

Quick Reference Cards

The ecfirst Quick Reference Cards are a fast way to gain information about key regulations and standards. Be it HIPAA, HITECH or the ISO 27000 – you will find the ecfirst Quick Reference Cards to be a valuable and handy reference to have. Download from the ecfirst Resource Center @ .

Cyber Security Strategy: Enabling a Resilient Security Program – PDF

Authored by cyber security and compliance expert Uday Ali Pabrai, this is a terrific executive brief that provides actionable information for enabling a resilient enterprise security program. It addresses questions such as – What are the risks to sensitive business information and the associated vital assets? What are your security blind spots?

Cyber security is about applying the appropriate defense to protect your critical business assets. Businesses today are highly dependent on technology to deliver services, interact with customers and manage a supply chain. What is your security strategy to ensure that you maintain a reasonable level of vigilance against cyber threats? The brief introduces the four laws of information security – these laws provide insight that is valuable for organizations to develop their security strategy. Download this Executive Brief exclusively at the Resource Center @ .

ecfirst Differentiators


ecfirst combines state of the art tools, a highly credentialed staff, and reporting that maximizes value, efficiency, and information for our clients to deliver the industry’s best compliance and information security solutions.

Critical ecfirst differentiators include:

  • Highly credentialed professional team
  • Deep experience with multiple industries and government agencies
  • Policies tailored to address specific regulatory mandates
  • Compliance based technical vulnerability assessments
  • Executive dashboards that are tailored for senior management to quickly highlight critical findings

ecfirst utilizes tools that are constantly updated to ensure that clients are aware of all of the vulnerabilities on their networks and systems. These include technical vulnerabilities all the way up to “zero day attacks”, DNS vulnerabilities, Active Directory and database vulnerabilities, as well as information available in the public domain about our clients.

ecfirst deploys only highly credentialed and veteran experts to client sites to perform risk analysis and technical vulnerability assessments. ecfirst engineers possess certifications such as CISSP, CISA, and CEH and have performed numerous assessments at clients spanning multiple industries. Our engineers understand the sensitivity and criticality of your systems!

Our clients benefit from the most useful reports in the industry. ecfirst provides our clients with descriptive reports that contain real world recommendations. Sections are included for both executive level audiences and the most technical engineer. Executive summaries draw out the most critical and pressing issues for quick comprehension and dissemination.

Contact Us

Please contact Kris Laidley at +1.515.987.4044 ext 25 or to learn more about the ecfirst bizSHIELD™ TRACER Risk Analysis solution to address critical compliance mandates. We would like to understand the regulations that impact your organization as well as your security challenges to determine how ecfirst can augment your efforts to achieve compliance with federal and state mandates.

Talk to us – you will find us to be a partner you can trust.

About ecfirst

ecfirst delivers world-class information security and regulatory compliance solutions. With over 1,600+ clients, ecfirst was recognized as an Inc. 500 business – America’s Top 500 Fastest Growing Privately Held Business in 2004 – our first year of eligibility. ecfirst assists organizations with their compliance initiatives for a secure information infrastructure that is compliant with regulations such as HITECH, HIPAA, ISO 27000, or federal and state legislations (such as California or Massachusetts).

We deliver value with intensity and are paranoid about our performance for your organization.

ecfirst serves a Who’s Who client list that includes technology firms, numerous hospitals, state and county governments, and hundreds of businesses across the United States and abroad. A partial list of clients includes Microsoft, Symantec, HP, McKesson, EMC, IBM, Principal Financial, U.S. Army, U.S. Dept. of Homeland Security, U.S. Dept. of Veterans Affairs and many others. Talk to ecfirst and you will find an organization that is passionate about the services we deliver and exceptionally devoted to its clients. For more information, please visit