Tag: federal exchange

SSAE 16 and the Federal HealthCare Exchange

With the issues surrounding HealthCare.gov and the various contractors who played a role in its development, one question that comes to mind is: how many of the over 50 companies contracted had an SSAE 16 (SOC 1) audit performed over the services they were providing? This is important to know and could be part of the reason why the development efforts appear to have fallen short of best practices.

The standard change management / development process should flow as follows:

1. Define the scope of the project or of the individual change / fix planned for development.
2. Have a committee review the request and development plan to validate its appropriateness, priority, and potential conflicts that could arise.
3. If approved, determine a high-level development plan including dependencies and interfaces, create test procedures to validate the change, and define rollback procedures.
4. Complete the development / coding required.
5. Development and end users perform robust testing / QA based on the test procedures and their standard use of the application.
6. The project manager or appropriate management personnel perform a final review and approve the change for promotion into production or the main branch of the application (if multiple concurrent changes are being made).
7. Validate the functionality of the application post-implementation to further ensure no issues exist.

From the information currently available, it appears that in the rush to meet organizational goals and tight deadlines, steps 5-7 were performed hastily, leading to unexpected issues once the system went live. It was even mentioned that basic Alpha testing of the entire exchange ecosystem was barely completed
