Security Risk Analysis
Certification and Regulatory Compliance
An accurate assessment of potential risks is essential to your entity’s ongoing compliance with information security regulations and standards. Whether you’re a covered entity or business associate subject to HIPAA, or an organization looking to certify for ISO or SOC, Apgar & Associates, LLC’s Security Risk Analysis (SRA) services help your organization reduce the risk of non-compliance with Security Rule requirements, meet MACRA requirements for an SRA, and protect you from other threats such as legal risk and other tangible and intangible costs. The security risk analysis is also an essential step in checking the strength of your security program and preparing for ISO or SOC 2 certifications.
The HIPAA Security Rule: A reminder
If you use, disclose or store ePHI (electronic Protected Health Information), HIPAA’s Security Rule mandates that covered entities and business associates periodically conduct a Risk Analysis. The Security Rule describes the Risk Analysis as including “an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic Protected Health Information.” This mandate also applies to non-electronic PHI per the HIPAA Privacy Rule.
Security Risk Analysis Activities
Whether you’re a hospital preparing for an OCR HIPAA Audit or an organization preparing for SOC 2 certification, the SRA cycle is surprisingly similar:
- Prioritized asset inventory review
- Threat and vulnerability identification
- Existing security control evaluation
- Impact and cost assessment
Security risk analysis techniques are applicable across industries and sectors. Once your risk analysis is complete, we classify and identify your risks as high, medium or low. You then receive a Risk Analysis Report to use as a tool to plan risk mitigation and present strategies to senior management. We’ve provided Simplified Risk Analysis guidelines here.
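To show what the four cycle steps above produce once they are written down, here is an added example of a minimal qualitative risk register. It is not Apgar & Associates’ tool or method: the 1–5 likelihood and impact scales, the way existing controls are credited against likelihood, the High/Medium/Low band thresholds, and the asset and threat values are all assumptions constructed for this illustration.

```python
"""Added example: a minimal qualitative risk register covering the four SRA
steps named on the page (prioritised asset inventory, threat identification,
existing-control evaluation, impact assessment) and rating each risk
High / Medium / Low. Scales, thresholds and sample data are assumptions of
this example, not the consultancy's method."""

from dataclasses import dataclass, field
from typing import List


@dataclass
class Control:
    name: str
    effectiveness: float  # 0.0 (no effect) .. 1.0 (fully mitigating); assumed scale


@dataclass
class Threat:
    description: str
    likelihood: int  # 1..5 before any control is credited; assumed scale
    impact: int      # 1..5 consequence to confidentiality/integrity/availability
    controls: List[Control] = field(default_factory=list)


@dataclass
class Asset:
    name: str
    holds_ephi: bool  # ePHI assets are reviewed first in the prioritised inventory
    criticality: int  # 1..5; assumed scale
    threats: List[Threat] = field(default_factory=list)


@dataclass
class RiskEntry:
    asset: str
    threat: str
    inherent: int    # likelihood x impact with no controls credited
    residual: float  # likelihood x impact after existing controls are credited
    rating: str      # High / Medium / Low


def residual_likelihood(threat: Threat) -> float:
    """Credit each existing control as an independent reduction of the
    likelihood; the result never drops below the lowest scale point."""
    remaining = float(threat.likelihood)
    for control in threat.controls:
        remaining *= 1.0 - control.effectiveness
    return max(remaining, 1.0)


def rate(score: float) -> str:
    """Assumed banding of a 1..25 likelihood x impact score."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


def analyse(assets: List[Asset]) -> List[RiskEntry]:
    """Walk the inventory in priority order (ePHI first, then criticality)
    and return a register sorted with the highest residual risk on top,
    which is the order a mitigation plan should address them."""
    prioritised = sorted(assets, key=lambda a: (a.holds_ephi, a.criticality), reverse=True)
    register: List[RiskEntry] = []
    for asset in prioritised:
        for threat in asset.threats:
            inherent = threat.likelihood * threat.impact
            residual = round(residual_likelihood(threat) * threat.impact, 2)
            register.append(RiskEntry(asset.name, threat.description,
                                      inherent, residual, rate(residual)))
    return sorted(register, key=lambda e: e.residual, reverse=True)


def sample_register() -> List[RiskEntry]:
    """Constructed sample inventory; every value here is illustrative only."""
    ehr = Asset("EHR database", holds_ephi=True, criticality=5, threats=[
        Threat("Ransomware delivered by phishing", likelihood=4, impact=5, controls=[
            Control("Offline backups", 0.4),
            Control("Email filtering", 0.2),
        ]),
        Threat("Theft of unencrypted laptop with cached records", likelihood=3, impact=5),
    ])
    web = Asset("Marketing website", holds_ephi=False, criticality=2, threats=[
        Threat("Defacement", likelihood=2, impact=2),
    ])
    return analyse([web, ehr])


if __name__ == "__main__":
    for entry in sample_register():
        print(f"{entry.rating:6} residual {entry.residual:5} (inherent {entry.inherent:2}) "
              f"{entry.asset}: {entry.threat}")
```

Running the sample lists the uncontrolled laptop-theft risk as High ahead of the partially controlled ransomware risk (Medium), which is the practical point of the control-evaluation step: an inherent score alone would have ranked ransomware first. Replace the constructed assets and scales with your own register before drawing any conclusions.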
Turn Security Risk Results into Risk Mitigation & Management
After the Risk Analysis, Apgar & Associates can help you turn the results into a Risk Management action plan, which will allow you to move your entity from risk-vulnerable to risk-managed, using step-by-step risk mitigation activities.
Apgar & Associates’ privacy and security experience stems from years of working with covered entities and business associates, financial firms and digital application developers, from single professional offices to multi-national corporations.
For more information about our Risk Analysis services, contact us via email or at 503.384.2538.