Developed by ecfirst, is software as a service for comprehensive compliance management.

can assist with management of all core requirements of HIPAA, ISO 27001, NIST Cybersecurity Framework, and many other information security standards, with contents tailored for your organization’s needs. can also support business continuity processes by aiding in the development of items such as a robust IT Disaster Recovery Plan or thorough Business Impact Analysis.

Simple to use, this online portal empowers compliance teams as well as provides executive visibility into compliance management efforts.

Tracer

Compliance Programs

Tracer

Due to its variety in coverage, allows management and maintenance of compliance documentation regardless of the information security framework, standards, or regulations your organization is subject to.

and Data Security

ecfirst takes the protection of data you provide using the Portal very seriously. All files uploaded to the Portal are encrypted before they are stored in our private access cloud location, separate from the system itself. ecfirst follows industry best practice for encryption of sensitive data:

  • Industry standard advanced encryption algorithm AES-256-GCM
  • Automatic annual encryption key rotation
  • Limited restricted access to encryption keys
  • Limited restricted access to encrypted data
Tracer

CMMC Portal

Manage your CMMC program with the CMMC Portal. Monitor and update CMMC assessment, policy, procedure and evidence information with the CMMC Portal.

CMMC

CMMC Level 1 Products

CMMC Level 1 Products

Contingency Planning

Tracer

Contingency Planning

Manage your organization’s contingency planning documentation in to ensure readiness for unexpected occurrences and swift recovery to standard business operations.

Policy Portal

Organize your compliance and cybersecurity policies and procedures centrally on . Easily update policies and procedures, as required, to meet compliance mandates and timeframes.

Tracer

Cybermapper

View direct mappings of the requirements of one security framework to another.

Tracer

Cybersecurity Readiness

Tracer

Easily review the state of your vendors’ or Business Associates’ cybersecurity posture by utilizing the Vendor Readiness Assessment application within.

GDPR Portal

ecfirst offers a complete range of GDPR compliance solutions, including:

  • Addressing GDPR mandates
  • Comprehensive risk assessment to determine security vulnerabilities
  • Development of tailored GDPR security procedures
Tracer
Tracer

Readiness Portal

The Readiness Portal within provides organizations, whether just beginning a Self-Assessment or completing Validation and Certification, a step-by-step path toward their goal.

Dashboards

View customized, at-a-glance information pertaining to your organization’s compliance status within.

Vendor(BA) Management Portal

The Vendor (Business Associate) Management Portal allows:

Capturing basic information about vendors or business associates, including (but not limited to):

  • Name
  • Type of Service(s) provided
  • Duration of the agreement
  • Point of Contact

Capturing management information related to the vendor\BA:

  • Date of the last review
  • Who the reviewer is
  • Internal Contact for vendor\BA management

Capturing documentation related to the vendor\BA:

  • Agreements
  • Assessment reports
  • Policies
  • Other documentation
Tracer

The Portal will, based on the “Last Review Date”, email the user identified as the Vendor Manager one month prior to the one year anniversary of the last review date, reminding the user to review the vendor and documentation.

  In the News

Alaska HCCA Conference Features Pabrai Brief on HITRUST: A Global Certification Standard

  Events

Certified Cyber Security Architect℠ (CCSA℠) Confirmed with InfraGard (FBI), September 21 - 22, 2022

  Thought Leadership

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), HITRUST Certified CSF Practitioner (CCSFP) is the chief executive of ecfirst, an Inc. 500 business. He is a highly regarded information security and regulatory compliance expert.