Evaluate an application or system’s security controls by utilizing the Application Security Questionnaire (ASQ).
The Application Security Questionnaire (ASQ) is a self-assessment tool that vendors complete so that healthcare provider organizations or other product purchasers can assess the core security controls inherent in an application or system that will create, receive, maintain, or transmit ePHI.
This tool will enable healthcare provider organizations and purchasers to better understand the security controls offered and thus assist the organization in assessing the vulnerabilities and risks associated with the use of a particular application or system.
Past work group chair Tom Walsh says, “Many provider organizations may wish to include the ASQ in their Request for Proposal (RFP) and vendor selection process. It’s important to assess the security capabilities early in an application’s lifecycle, rather than trying to implement additional controls after go-live.” The ASQ could also be used to assess the vulnerabilities and risks associated with the use of an existing application or system. As always, risk management should be ongoing throughout the product lifecycle.