Day 43 — Sprint #6!
As Sprint #6 kicks off, I’m equally excited at the thought of wrapping up our core administrative Data Security work as I am daunted by the tedious tasks that remain. My goal this week is to just power through and put a bow on these efforts so I can call it done (or at least, good enough for now..).
Sprint #6 Work
The bulk of the remaining work on our HIPAA Compliance activities is a bunch of tasks I created early on in this journey:
- Vendor Management is ensuring we have data processing agreements with ALL our vendors.
- Asset Management is cleaning up our systems to be sure we’re not storing sensitive data in any non-HIPAA systems (e.g., cleaning up Mailchimp).
- HR Security is generating a few onboarding documents.
- IAM is Identity and Access Management and its making sure the right people have access to out systems (and no more / no less).
- Risk Management is cleaning up 1 more task on the Risk Analysis.
The end is near! (in a good way).
Today was pretty frustrating! I didn’t get accomplished nearly what I had hoped to. Here’s what I did.
Asset Management — Cleaning up Google & Dropbox
Note to future self: pick a single system of record and stick to it. The challenge I have right now is that I have files stored in both Drive & Dropbox, which is generally fine but not ideal for maintaining a single source of truth — or for keeping costs down and maintaining good security.
After cleaning up my file folders, I updated the access permissions for each of them and started the process of consolidating them. The problem I’ve run into is that my file sizes are huge — mainly from our videos on the Invincible Kids Network — so transferring folders is taking hours. I’m considering abandoning the effort given the time it’s taking, but I’m hoping to give it one final shot tomorrow.
IAM — Password Management
Sick of waiting for files to transfer over, I started cleaning up the access management issues to my systems, specifically through LastPass, where we’ll manage our passwords going forward. I’m hoping this will make the identity and access management challenge much easier to manage.
I’m hoping to wrap these 2 activities up tomorrow so I can have a decent shot at wrapping up these stories this sprint.