Clearwater Enterprise Cyber Risk Management System™


Designed for the Needs of Healthcare Providers from Small Regional Hospitals to the Largest IDNs

Interested in a live demo?

Implementing a strategic and comprehensive enterprise cyber risk management program is the only way to ensure effective cybersecurity.

A critical first step in this process is selecting the right digital tools to underpin those programs.  IRM|Pro is a scalable SaaS based solution enabling healthcare organizations of all sizes to underpin their cyber risk management program with our best-in-class ECRMS.

Manage Cyber Risk Right.

Clearwater’s IRM|Pro™ was the only user accessible software I found that operationalized the NIST framework through automation and made it manageable to apply across our assets. I could not find another vendor providing this type of software solution targeted at risk assessment automation.
Mitch Thomas, Chief Security Officer, Emcompass Health


Enterprise Cyber Risk Management & HIPAA Compliance Software Suite

The Newest Features Of IRM|Pro™ Offer:

CyberIntelligence™ Dashboards

Gain actionable insight into the most critical vulnerabilities, control deficiencies and the remediation.  Get real-time, updates on risk analysis progress, risks above threshold, control deficiencies, and risk mitigation status. Know where the biggest exposures lie and where action can make the most meaningful impact.

Enterprise Collaboration

Assign tasks such as control evaluations and risk mitigation action items. Users can view and update work performed on their tasks and risk managers can monitor status, send reminders, and get up to date reports on progress.

  • Increased operational efficiency and high-performance enhancements with a refreshed interface offering seamless navigation and multiple browser support, enabling users to run analytics in real time from anywhere.
  • Advanced dashboards with configurable views and reporting capability providing visibility into a hospital system organization and enabling users to determine exposures.
  • The Entity Hierarchy feature (for large health systems) providing for the cascading and inheritance of data from parent to child entities, saving hours of data entry time.

Find the IRM|Pro™ Edition That is Right for You.


Single Entity subscription for community hospitals, small regional hospitals, small medical practice groups, and business associates.

  • IRM|AnalysisTM Enterprise Cyber Risk Management System providing OCR-quality risk analysis, vulnerability and threat assessments, risk response, and risk reporting for a single entity organization

  • Identify risks and analyze an unlimited number of information assets

  • Standard Reporting and CyberintelligenceTM Dashboard


Our most popular Edition, intended for regional or multi-site hospitals, small IDNs, large business associates, medical practice groups, and other covered entities.

  • Everything included in Silver Edition
  • IRM|AnalysisTM for up to 5 or 10 entities
  • Entity Hierarchy: Risk analyze information assets at the “parent” host data center(s) and distribute information to “child” entities, while also maintaining separate risk analyses for each entity
  • Enterprise Collaboration: Organize and assign tasks, view work queues, send reminders, and get up to date progress reports
  • Premium CyberintelligenceTM Dashboards


Enterprise functionality and a dedicated server designed for large IDNs and other covered entities.

  • Everything included in Gold Edition
  • IRM|AnalysisTM for 20 or more entities
  • IRM|PrivacyTM, IRM|SecurityTM, IRM|FrameworkTM, IRM|MaturityTM subscriptions
  • Dedicated server instance hosted by Clearwater
  • Discounted price on Single Sign On (SSO) authentication
  • Premium Plus+ CyberintelligenceTM Dashboards
Silver Gold Platinum
Entities Allowed 1 5 or 10 20+
CyberintelligenceTM Dashboards Standard Premium Premium Plus
Information Assets Unlimited Unlimited Unlimited
IRM|AnalysisTM: Risk Analysis, Risk Response & Risk Monitoring
Enterprise Collaboration Upgrade
Entity Hierarchy N/A
IRM|SecurityTM, IRM|PrivacyTM, IRM|FrameworkTM, IRM|MaturityTM Upgrade Upgrade
Dedicated Service Instance N/A Upgrade
Single Sign On (SSO) N/A Upgrade Upgrade
Learn More

IRM|Pro™ Enterprise Cyber Risk Management Software

Clearwater’s IRM|ProSaaS system facilitates and strengthens an organization’s compliance and cyber risk management program by providing an automated, scalable process for assessing, remediating and monitoring the level of the organization’s HIPAA compliance and information security while maintaining the evidence necessary for an audit or investigation.

IRM_Analysis_tm_500 IRM_Privacy_tm_500 IRM_Security_tm_500 IRM Framework IRM Framework
Regulatory Compliance Risk Analysis for HIPAA, Meaningful Use, PCI DSS, FERPA, GLBA HIPAA Privacy & Breach Notification Rules OCR Audit Protocol HIPAA Security Rule OCR Audit Protocol NIST CSF HIPAA Security Rule not applicable
Governance Manage Framework & Risk Appetite Prioritize and Monitor Remediation Prioritize and Monitor Remediation Facilitate NIST CSF Adoption Benchmark Board and Executive Oversight
Compliance Audit Meet Explicit Security Rule Risk Analysis & Risk Management requirements Facilitate Comprehensive Mock Audit Facilitate Comprehensive Mock Audit Facilitate Current State Assessment Establish Evidence of Oversight and Responsibility          OCR investigation
Compliance Gap Assessment Meet Specific Requirement in Security Rule Meet Best Practice and Evidence of Good Faith Effort with Assessment Wizard Meet Specific Requirement in Security Rule with Assessment Wizard Determine Current State Assessment Determine Current and Desired Level of Maturity
Threat and Vulnerability Analysis Clearwater Expert Pre-populated System  not applicable not applicable not applicable Identify Exposures in Core Maturity Capabilities
Control Assessment Based on NIST HIPAA Privacy and Breach Notification Rules HIPAA Security Rule COBIT, CCS CSC2, IEC62443, ISO 27001 and NIST 800-53 Based on NIST
Documentation Information System Inventory; Cumulative record of risk management program Policies and Procedures and other Evidence of Practice; Cumulative record of compliance Policies and Procedures and other Evidence of Practice; Cumulative record of compliance Program maturity Evidence of Practice to Ensure Responsibility, Repeatability, and Improvement
Project Management Risk Response Compliance Remediation Compliance Remediation Plan of Action & Milestones to Future State RoadMap to Desired State
Reporting Robust Enterprise Dashboards & Reports Suite of Audit-Ready Reports Suite of Audit-Ready Reports Metrics and Scorecard Current State Scorecard & Suite of Reports
Learn More! Learn More! Learn More! Learn More! Learn More!

HIPAA Compliance and Cyber Risk Management Is Complex…Becoming And Remaining Truly Compliant Doesn’t Have To Be.

IRM|Pro™ implements the risk management process of NIST’s Cybersecurity Framework, and fully adheres to guidance documents and audit protocols published by the Office for Civil Rights.

Contact Us Today!

Are You Confident In Your Cyber Risk Management Program?

Let Clearwater’s leading Enterprise Cyber Risk Management System give you the peace of mind that comes with the nation’s most comprehensive and systematic approach to HIPAA and cyber risk management.
Contact Us Today!

Clearwater Is Trusted By Hundreds Of Hospitals & Health Systems