BlueCross BlueShield
Snapshot:
BlueCross BlueShield of Illinois and North Dakota are independent licensees of the BlueCross BlueShield Association, together providing health insurance to more than 7 million in the upper Midwest.
Claims Paid:
$1 Billion+ (2005)
Employees:
Approx. 8,600 (2005)
Client History:
Since 2004
Mission:
IT auditing, hardening, systems security and administration under Linux, Windows and Novell
Environment:
RedHat SuSE Linux, Windows 2000/2003 Server/Domain Controller, Novell Server, Active Directory, mySQL, Perl, UNIX Shell, SOX, HIPAA, COBIT, STIG, PMBOK
|
 |  | |
Helping Keep Blue Better
"A Legacy of Trust, A Reputation for Value"
When it comes to consistently providing the best value in health insurance, UPP Business Systems has been helping BlueCross BlueShield of Illinois and BlueCross BlueShield of North Dakota ensure that "Blue is Better" for their customers. Serving 75% of the population in North Dakota and another 6.5 million citizens in Illinois, the two companies are independent licensees of the national BlueCross BlueShield Association, which provides healthcare coverage for more than 90 million Americans - nearly one third of the population.
UPP Business Systems has been assisting BlueCross BlueShield of North Dakota as well as BlueCross BlueShield of Illinois with Information Technology auditing and hardening efforts, in response to recent Sarbanes-Oxley (SOX) legislation concerning corporate governance and financial controls, as well as Health Insurance Portability and Accountability Act (HIPAA) requirements, concerning national standards for electronic data interchange, security and privacy of health care data.
Responsible for IT auditing, systems security and administration at BlueCross BlueShield North Dakota, with requirements including hardening according to the Department of Defense Security Technical Implementation Guide (STIG). Brought 112 RedHat Enterprise SuSE Linux Enterprise servers in compliance with STIG requirements. Developed Disaster Recovery Plan in accordance with DoD STIG and HIPAA requirements. Developed automation and maintenance scripts using Perl, UNIX Shell and mySQL. Conducted testing, and created process documentation as well as training materials for future compliance checking.
Focused on the Windows/Novell environment at BCBS North Dakota, also created Registry, Group Policy and NDS settings for enforcement of DISA security requirements on 1,000 Windows 2000/2003 Member servers, 8 Windows 2000/2003 Domain Controllers, and 76 Novell servers. Additionally created secure GPOs; developed batch files and scripts for automated Active Directory compliance; and developed baseline documentation and procedures for Novell/Active Directory. Integrated solutions and implemented procedures in Production environment. Formulated failover solutions.
In similar such efforts for Blue Cross Blue Shield of Illinois responsible for IT auditing of the BCBS environment, including applications, data centers, telecommunications, non-automated processes, etc. Conducted review and evaluation of Enterprise project Business Cases and assigned formal ratings. Also reviewed and evaluated IT project management processes according to the Project Management Institute's Project Management Body of Knowledge (PMBOK) and COBIT Framework on project management. Mentored staff on COBIT as well as SOX "best practices."
Links external to the company will open in a new window.
|
|
• 