A hospital providing holistic healthcare to patients in Hong Kong
 
Size200 staffs

Service
IT Audit and Assessment with Follow-up Services

Challenge
With a number of 100+ hospitals and clinics in diverse locations, the company has been struggling for many years to centrally manage the information security and to standardize the operation procedures. Due to the lack of resource, hardly can the company spot out the potential vulnerability without regular review mechanism. Therefore, Ringus engaged to perform an one-off and in-depth assessment, and pinpoint improvement areas within the information system.

After the on-site assessment, Ringus identified large amount of security vulnerabilities and operational deficiencies, in which IT Team might not have sufficient resource to fix the problem in the short run.
 

Solution

• Identified network security vulnerabilities and provided technical recommendations
• Evaluated and commenced internal and external security controls
• Provided one-year implementation plan: Document Management System and Workflow System enhancement 
• Provided project management consultation, including project progress, budget, and timeframe.

Result
Through a series of on-site interviews, our security experts have tailor-made a one-year step-by-step implementation plan for the company to perform remediation actions, along with continuous advisory from Ringus. High-priority risk items have been addressed with appropriate corrective actions to prevent the company from security risk exposure in the short run.

In the long run, to reduce the workload of the IT Team, Ringus not only provided suggestions and alternatives for the companies to consider, but also helped integrate the Information Security Management System into the operational workflow in diverse locations.
 
Follow-up
After the assessment, Ringus has consistently updated the remediation process with the company and continually provide implementation advisory mentioned in the assessment report.
An introduction of the standardized policies and procedures has been brought to ensure appropriate security level of information handling in the daily operation.

Benefit 
The one-year implementation roadmap is embedded in the assessment report in a manner that our client can easily follow the remediation plan according to the severity level assigned.

Our team continues to work closely with our client, providing the best managerial and technical implementations advisory that are in line with client’s missions and visions.