Respond to Risks.

Protect Your Information.

Risk response is part of an ongoing process of managing risks identified during risk analysis and a key step in the overall NIST Risk Management Process.

Responding to risks in a methodical manner with adequate identification of owners, alternatives considered, documented decisions, and implementation planning is required under the HIPAA Security Rule.

Promoting Interoperability (formerly Meaningful Use) attestation also requires providers to implement security updates, as necessary, and correct identified security deficiencies as part of a risk management process.

Clearwater Risk Response WorkShop™

Clearwater’s experts utilize Clearwater’s proprietary WorkShop™ process, which not only delivers results but also educates teams to become self-sufficient.

  • Leverages risk analysis data populated in Clearwater IRM|Analysis™ software
  • Based on careful study of the explicit HHS/OCR Guidance and NIST SP 800-39 – Managing Information Security Risk

Why is Risk Response Important?

The HIPAA Security Rule not only requires the completion of a periodic risk analysis, it also requires that action be taken to address risks (45 CFR §164.308(a)(1)(ii)(B)):

Risk management (Required). Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with § 164.306(a).

Increasing reliance on electronic information, interoperability, and data sharing makes effective risk response critical in the face of a rapidly expanding threat landscape for sensitive information.

Responding to risks can also help to protect your revenue and reputation. Greater enforcement by Federal and State agencies means organizations are facing significantly greater civil monetary penalties.

Key Risk Response WorkShop™ Features

Methodology strictly based on NIST Cybersecurity Framework

Leverages the full power of the IRM|Analysis™ software

Introduces your team to a workflow for completing a NIST-based risk response process

Results in the documentation of a course of action to reduce risks you elect to mitigate based on effectiveness and feasibility

Drives the process and provides historical documentation of alternatives considered, investment options, decisions made, tasks assigned, and responsible parties

Enables project management of implementation tasks through completion

Fixed price, so there are no cost surprises

At your option, complete the work under direction of outside counsel

Periodic project status reports; risk response planning executive summary report

Key Risk Response WorkShop™ Benefits

Be Clear: De-mystify a complex process by using a by-the-book approach and obtain management approval of a risk response process and procedure

Be Confident: Utilize a proven approach and methodology used by 100s of organizations

Be Thorough: For all risks exceeding your risk threshold, evaluate alternatives, associated costs, and effectiveness

Be an Informed Decision Maker: Readily identify security investments providing the highest ROI by reducing high-ranked and/or multiple risks

Be On-Record: Document alternatives considered and decisions made to provide evidence of good faith effort

Become Self-Sufficient: Your team will learn a repeatable, sustainable process to manage your information security risks

Be Diligent: Collaborate, create, document, and execute on a detailed implementation plan for alternatives elected

Interested in how we can help your organization with risk response?