Security Risk Assessments (SRA)

Most industries have regulatory requirements pertaining to security, and a key facet of compliance is for an organization to complete a Security Risk Assessment of its security program, leadership, teams, policies, procedures, infrastructure, culture, and initiatives. BluTinuity has deep experience evaluating an organization's current state against Information Security Frameworks for compliance, such as the HIPAA Security & Privacy Rules, NIST Cybersecurity Framework, ISO 27000, AICPA Trust Services Principles, and the State of New York Cybersecurity Requirements. We can provide an assessment that is right-sized for your organization and that may include the following aspects:


  • Review of security and privacy policies and procedures

  • Interviews with key leaders from Information Technology, Information Security, Human Resources, Facility Operations, and others as appropriate

  • Examination of data center, server rooms, and infrastructure locations

  • In-depth review of specific application security features

  • Development of data classification schema

  • Security Program analysis against one of the Information Security Frameworks listed above

  • Prioritization of the gaps and recommendations

  • Development of a Security Risk Assessment report suitable to meet appropriate compliance requirements

  • Development of a Security Program Remediation Plan

© 2011—2020 by BluTinuity, LLC