VPD supports the Department of Health and Human Service (HHS) Office of Planning, Research, & Evaluation (OPRE) as they execute various IT and data security functions for complex and transformational health related programs. We incorporate configuration management, risk assessment, requirements development and data science & analytics, to include governance oversight and Authority to Operation (ATO)/data security of IT systems.
As stewards of these tools and processes, VPD helps OPRE to shepherd disparate elements of complex research projects through various approvals, which involve tracking of sensitive data from large-scale studies.
VPD brings a deep understanding of the mission space, and aptly supports HHS OPRE with identifying and implementing best practices for system owner data security requirements (standard operating procedures, risk-based decision making, business impact assessments). We understand what works best for our Federal partners, and work to provide customized approaches to data collection, storage, and analysis activities, supporting the classification of data in compliance with industry best practices and Federal regulations and law. From these assessments, we recommend strategic security and privacy controls and risk mitigation strategies to ensure compliance.
VPD has been successful in obtaining three Authorizations to Operate (ATO) for many OPRE systems, and one Acceptable to Use (ATU) designation, refining and streamlining the ATO/ATU process through coordination of critical artifacts between federal program managers, security, and vendors. VPD’s expertise in the knowledge and translation of security requirements between the systems owners, security, and vendors, has positioned us as trusted advisors in this ecosystem.
IT and data security are critical elements of VPD’s ongoing support at OPRE. We work to evaluate potential IT projects and flag any security concerns that arise. VPD also works with privacy personnel to identify NIST controls, review vulnerability scans provided by the vendor, and provide guidance to federal management regarding the risks of implementing a system without an ATO.
VPD develops tools, templates, and procedures to improve efficiency and effectiveness in various data security and privacy approval processes. This includes resources associated with data security and privacy, data systems, applications, and other tools. This includes System Security Plans, Incident Response, Configuration Management, Risk Assessment, Contingency Plan and related documents.
VPD offers expert security assistance to OPRE on various data security governing authorities, processes and rules including: the Federal Information Systems Management Act (FISMA), the Federal IT Acquisition Reform Act, FIPS 199, NIST 800 series, Risk Assessments, FedRAMP, the certification and accreditation (C&A) process, the authority to operate (ATO) process, and the Enterprise Performance Life Cycle (EPLC) that helps govern implementation of the above.
As stewards of these tools and processes, VPD helps OPRE to shepherd disparate elements of complex research projects through various approvals, which involve tracking of sensitive data from large-scale studies.
VPD brings a deep understanding of the mission space, and aptly supports HHS OPRE with identifying and implementing best practices for system owner data security requirements (standard operating procedures, risk-based decision making, business impact assessments). We understand what works best for our Federal partners, and work to provide customized approaches to data collection, storage, and analysis activities, supporting the classification of data in compliance with industry best practices and Federal regulations and law. From these assessments, we recommend strategic security and privacy controls and risk mitigation strategies to ensure compliance.
VPD has been successful in obtaining three Authorizations to Operate (ATO) for many OPRE systems, and one Acceptable to Use (ATU) designation, refining and streamlining the ATO/ATU process through coordination of critical artifacts between federal program managers, security, and vendors. VPD’s expertise in the knowledge and translation of security requirements between the systems owners, security, and vendors, has positioned us as trusted advisors in this ecosystem.
IT and data security are critical elements of VPD’s ongoing support at OPRE. We work to evaluate potential IT projects and flag any security concerns that arise. VPD also works with privacy personnel to identify NIST controls, review vulnerability scans provided by the vendor, and provide guidance to federal management regarding the risks of implementing a system without an ATO.
VPD develops tools, templates, and procedures to improve efficiency and effectiveness in various data security and privacy approval processes. This includes resources associated with data security and privacy, data systems, applications, and other tools. This includes System Security Plans, Incident Response, Configuration Management, Risk Assessment, Contingency Plan and related documents.
VPD offers expert security assistance to OPRE on various data security governing authorities, processes and rules including: the Federal Information Systems Management Act (FISMA), the Federal IT Acquisition Reform Act, FIPS 199, NIST 800 series, Risk Assessments, FedRAMP, the certification and accreditation (C&A) process, the authority to operate (ATO) process, and the Enterprise Performance Life Cycle (EPLC) that helps govern implementation of the above.