top of page

Security Risk Assessments (SRA)

Most industries have regulatory requirements pertaining to security and one of the key compliance facets is for an organization to complete a Security Risk Assessment on its security program, leadership, teams, policies, procedures, infrastructure, culture, and initiatives. BluTinuity has deep experience evaluating the current state against Information Security Frameworks for compliance, such as the HIPAA Security & Privacy Rules, NIST Cybersecurity Framework, ISO 27000, AICPA SOC-2 Trust Services Criteria, and the State of New York Cybersecurity Requirements. We can provide an assessment that is right-sized for your organization, that may include the following aspects:


  • NIST Cybersecurity Framework Assessment

  • HIPAA Security Risk Assessment

  • HIPAA Privacy Rule Assessment 

  • SOC-2 Trust Services Criteria Readiness Assessment

  • NIST SP800-53 Controls Assessment

  • NIST SP800-171 Controls Assessment

  • FIPS-199 Potential Impact Assessment

  • FIPS-200 Minimum Security Requirements for Information Systems Assessment

  • Gap Assessment Against State Cybersecurity Requirements

  • Review of Security and Privacy Policies and Procedures

  • Interviews with Key Leaders from Information Technology, Information Security, Human Resources, Physical Facility Operations, and Others as Appropriate

  • Examination of Data Center, Server Rooms, and Infrastructure Locations

  • In-depth Review of Specific Application Security Features

  • Development of Data Classification Schema

  • Information Security Program Analysis against One of the Information Security Frameworks Listed Above

  • Prioritization of the Gaps and Recommendations

  • Development of a Security Risk Assessment Report Suitable to Meet Appropriate Audit & Compliance Requirements

  • Development of an Information Security Program Remediation Plan

bottom of page