clearwatercompliance.com

Controls include data protection and encryption, access controls, virtual network segmentation and protection, system hardening (secure configuration), log management, aggregation, analysis and monitoring control effectiveness. It will help to rely on a control framework such as the NIST Special Publication 800-53[ii] and the NIST Cybersecurity Framework, HITRUST Common Controls Framework (HITRUST CSF), International Organization for Standardization (ISO®) 27000 series, and the Center for Internet Security (CIS) controls. HIPAA regulations and guidance from the department of Health and Human Services (HHS) and the OCR do not specify a framework required for risk analysis and risk management; however, Clearwater believes the Special Publications from the National Institute for Standards and Technology (NIST) are best suited for the program. To assess risk, you must catalog your organization’s assets, document the threats to those assets, document the vulnerabilities to those assets, and the effectiveness of the controls in place to reduce the likelihood negative events will happen, and impact of those events.

– Clearwater, the leading provider of Enterprise Cyber Risk Management and HIPAA Compliance solutions for the healthcare industry, announced today new innovations being introduced as part of the forthcoming 6.0 release of its flagship software product IRM|Analysis. Used by many of the nation’s largest health systems, major physician groups, leading health IT companies, and other business partners, IRM|Analysis has become the healthcare industry’s gold standard for performing a comprehensive, efficient, by-the-book risk analysis and managing risks on an ongoing basis since the first release of the product nearly ten years ago. In 2019, we advanced IRM|Analysis with our patented Component Expert System technology, providing customers with a more intelligent view into all of the processes, people, locations, and technology that can pose a data security risk to an information system.,” says Jon Stone, Clearwater’s Chief Product Officer and the lead architect behind IRM|Analysis. Through integration with ServiceNow’s IT Asset Management solution, which a growing number of healthcare organizations use to maintain their asset inventory, IRM|Analysis enables users to address the first steps of the risk analysis process in a more rapid and automated manner.

Determining the likelihood and impact, however, requires careful analysis of controls in place for that asset by an expert analyst, and it can be a time-consuming, subjective and error-prone process. Clearwater has developed a Predictive Risk Rating capability in its IRM|Analysis® SaaS platform, driven by AI and powered by the insight of the company Available to all subscribers in the 6.0 release of IRM|Analysis, this next generation functionality will enable healthcare cyber risk professionals to more accurately and efficiently rate risk via system recommendations. Join us on April 22 as Clearwater Chief Product Officer Jon Stone provides an overview of the new IRM|Analysis Predictive Risk Rating capability.

With the introduction of new Peer-to-Peer Benchmarking capabilities in the 6.0 release of IRM|Analysis®, Clearwater is helping answer that question. Delivered through the CyberIntelligence Dashboards in the software and available to all Gold and Platinum subscribers beginning March 17, the new benchmarking capabilities empower healthcare organizations to compare their performance across key risk analysis and risk management metrics to relevant peers. * The percentage of risks greater than or equal to the defined threshold The percentage of controls that are missing or deficient for risks greater than or equal to the threshold Join this 30-minute webinar to get a closer look at this new capability and the power of IRM|Analysis.