The Benefits of Third Party Verification and Validation

Recent regulatory initiatives like the Cybersecurity Maturity Model Certification (CMMC) highlight the government’s belief that HIPAA Security Rule self-assessment is no longer sufficient against today’s risks. Using a third party is essential to being secure and compliant and to protecting data. Like having the right answer on an algebra test, having the right security answer is not enough to pass: you need to show your work to someone who can confirm it.

Recent FTC enforcement actions, like the SkyMed case, illustrate the federal government’s focus on protecting consumer information and its little or no tolerance for companies that benefit from promoting false comfort by making unsubstantiated, false claims of compliance and security.

Common sense suggests that a company should display a third party’s “seal” only if that third party has met or followed a specific set of legitimate criteria to earn the seal.

A World Without Third Party Verification and Validation Is Impossible to Navigate

A world without verification and validation seals is not very realistic – it’s a fantasy land, or perhaps more to the point, a nightmare land. Think about the types of companies that issue third party seals. Good Housekeeping issues its “Seal of Approval” to products that have undergone testing by the Good Housekeeping Research Institute, a private entity. Green Seal awards products that meet life-cycle-based criteria for sustainability. Before Green Seal declares a product “green,” the company seeking Green Seal’s seal must submit performance testing results, labels, and marketing materials for rigorous evaluation.

The SOC 1 report is also provided by a third party, in this case an accounting firm. Also known as the Statement on Standards for Attestation Engagements (SSAE) 18, the SOC 1 report addresses an organization’s controls that are likely to be relevant to an audit of a user entity’s (customer’s) financial statements.

These companies – Good Housekeeping, CPAs – would not exist in a seal-less world. They would be rogue lawbreakers.

Wait… Good Housekeeping? A lawbreaker? How…

Think this through. If verification and validation seal issuance were illegal, self-regulating organizations and third party accreditation bodies, home inspection services – in short, anyone claiming to certify, verify, or validate anything – would not exist. There would be two groups in the regulatory universe: the regulator and the regulated. The regulated would be unable to enlist the services of a third party in an attempt to differentiate their products or services, or to assist in meeting a set of criteria. The government, with its army of lawyers, could in effect fight freestyle while its regulatory targets would be left to fight with their hands tied behind their backs.

The government, of course, in our real world, is not this unfair. Indeed, federal and state governments recognize or permit third party verification and validation on a routine basis. The government has an interest in ensuring its laws are satisfied, not ignored or misunderstood by companies forced to act as their own compliance consultant/legal advisor.

What is the Benefit of Working with Compliancy Group?

  • HIPAA-required Audits, Assessments and Remediation Plans
  • Privacy and Security Policy & Procedures
  • HIPAA, Fraud Waste & Abuse Training
  • Employee Training and Attestation Management
  • Business Associate Audits and Management
  • Incident Management Module
  • Reporting and Document Version Control Module

*The Seal of Compliance is no longer offered as part of our service. We have adopted a Trust Badge that is offered for HIPAA, OSHA, and SOC 2 programs.
