
SSO Best Practices Tip


In this compliance and security tip, let us examine best practices to guide initiatives for enterprise SSO solutions. Any SSO solution being designed should take into account the following best practice recommendations:

  • Authentication Type
  • User Enrollment Process
  • Self-Service User Capabilities
  • Application Support
  • Compliance Initiatives

Authentication Type
Strong authentication is not a requirement when implementing SSO, but it should be seriously considered. An SSO solution significantly decreases the number of passwords that the user has to remember, so it is important to consider strong password or strong authentication options such as tokens, biometrics or smart cards, potentially combined with a PIN.

User Enrollment Policy
A good SSO solution provides for a mix of user-controlled and administrator-controlled account management.

Self-Service User Capabilities
In order to reduce Help Desk costs and increase employee satisfaction, SSO solutions should support self-service capabilities. With this technology in place, end users may retrieve their SSO login information themselves without generating a call to the administrator or Help Desk, even if they do not have access to the authentication device. The objective is to implement a robust SSO solution: one that does not become a burden to the IT department, yet delivers a strong level of security and identity protection.

Application Support
The SSO solution should deliver a seamless login experience regardless of the type of application being accessed. From legacy terminal emulators to web front-end 3- and 4-tier applications, an enterprise-quality SSO delivers a consistent user experience and excellent security functionality.

Access Logging
Compliance with legislation and standards requires comprehensive access logging capabilities. An SSO can assist in determining who accessed what application, when, and from where, to support incident management and access requirements.

Redundancy
Once your users begin to enjoy SSO functionality, they will quickly come to depend on it. Don’t let them down because of unexpected downtime. An unplanned downtime incident will result in Help Desk calls and user dissatisfaction. Make sure that the SSO solution you choose supports active failover and redundancy, perhaps even across geographically disparate offices.

ecfirst, an Inc. 500 business with over 1400 clients, delivers expert solutions in the areas of SSO, identity management and context management. The ecfirst solution is focused on working collaboratively with your organization to conduct a rapid assessment and planning workshop to establish and document critical requirements. This provides the foundation to identify appropriate vendor and product solution options for the implementation of an SSO system. Additionally, ecfirst can provide complete project management services including RFP creation, arranging for product demonstrations, on-site evaluation, deployment, implementation and training to meet your specific application and system requirements.

Our solution is based on an initial 2-day On-Site SSO Assessment Workshop to review your business and technology requirements and establish core parameters for an enterprise SSO initiative. The ecfirst team consists of credentialed professionals with years of experience designing and successfully implementing SSO and identity management solutions.

For a customized proposal or to schedule a 2-day SSO workshop at your site to establish requirements and document your current state and desired SSO end-state, please contact Lorna Waggoner, Director of Business Development, at 877.899.9974 x17 or at Lorna.Waggoner@ecfirst.com. We spend no more than 2 days on-site and then develop a comprehensive report including enterprise SSO requirements, a sample RFP for your use, and critical next steps.
