Paul Douglas

Paul Douglas, CISA, CCSFP, is a Director in P&N's Consulting Services Group, focusing on IT risk advisory, data privacy and security strategies, and IT compliance. Paul helps clients navigate complex security and privacy laws and turn them into strategic action plans. He works with a broad base of clients in the healthcare, technology, public company, and education industries.

Paul helps clients address risk through his experience performing high value assessments and implementing risk management plans. He has experience serving clients related to a broad variety of standards, including: 

• Control Objectives for Information and Related Technologies (COBIT)
• NIST Cybersecurity Framework
• NIST 800-53 and NIST 800-171 for Controlled Unclassified Information
• The HIPAA Security, Privacy, and Breach Notification Rules
• The HITRUST Common Security Framework
• The California Consumer Privacy Act (CCPA)
• The European Union's General Data Protection Regulation (GDPR) 
• The Payment Card Industry Data Security Standard (PCI DSS)
• NIST 800-30 IT Risk Assessments
• SOC 2 for Service Organizations
  

• Education & Certifications
  • Certified Information Systems Auditor
  • Certified Common Security Framework Practitioner (HITRUST)
  • Certified Data Privacy Solutions Engineer
  • Bachelor of Business Administration, Finance, Completed the Center for Internal Auditing (CIA) Program, Louisiana State University
• Professional Affiliations
  • President, Louisiana Healthcare Information and Management Systems Society
  • Programs Chair, Healthcare Information and Management Systems Society (HIMSS) - Louisiana Chapter
  • Tech Talk Committee Chair, Association of Healthcare Internal Auditors (AHIA)
  • Article Contributor and Conference Speaker, Healthcare Financial Management Association (HFMA)
  • Member, Information Systems Audit and Control Association (ISACA)
  • Member, Institute of Internal Auditors (IIA)