Vulnerability Assessment and Risk Analysis (VARA)
The Vulnerability Assessment and Risk Analysis (VARA) looks at an organization’s information security and risk management program in a collaborative, standards-based, and compliance-aware approach. Our VARA service includes strategic, operational, and tactical assessments in order to achieve comprehensive risk mitigation.
Progressive healthcare organizations perform a Vulnerability Assessment on an annual basis, often in conjunction with a Risk Analysis, resulting in the creation of a remediation plan. Our cyber security professionals have deep expertise and are armed with the latest scanning tools and techniques. This gives us the most meaningful and accurate vulnerability intelligence for risk analysis and remediation planning.
During the course of a VARA engagement, we will:
- Map vulnerabilities identified to both HIPAA (as amended by HITECH and the Omnibus 2013 Final Rule), NIST Cybersecurity Framework and the HITRUST CSF
- Draft a comprehensive Report of Findings incorporating practical, real-world remediation recommendations
- Present findings and recommendations in stakeholders’ briefing session(s)
- Provide subject matter expertise for senior management decisions, regarding risk
- Assist with alignment of strategy, business objectives, and information assurance
Get the structure, detail and clarity that you need to:
- Evaluate HIPAA/HITECH compliance
- Document current state of security controls
- Meet the requirements associated with Meaningful Use
- Identify gaps that pose true business risk
- Create a practical remediation roadmap
- Establish a sustainable operating model for information security and privacy
- Further relationships based on trust and confidence with its clients and business partners.