Security Risk Analysis (SRA) | Compliance and Security

Security Risk Analysis

protects your practice.

identifies vulnerabilities.

boosts your security posture.

satisfies ACI portion of MIPS.

includes a FISASCORE.

stress-tests your security.

Protect your organization with a Netgain Security Risk Analysis

Every organization, big or small, should be aware of their most significant information security risks. Netgain has partnered with SecurityStudio to deliver FISASCORE to identify and address information security risks through a standardized, consistent and efficient process. The FISASCORE empowers organizations to understand their information security risks and make informed decisions about how to best improve their information security posture.

> Get a free FISASCORE range to quickly gauge your security posture.

Amidst increasing scrutiny from ONC/OCR around SRA attestations, a complete and comprehensive security risk analysis from Netgain protects your practice from compliance risks and helps you avoid reduced Medicare reimbursement or reduced MIPS incentives.

A security risk analysis provides a 360-degree deep dive into your organization to address critical gaps in security that can expose your practice to real threats like data breaches, ransomware, malware system outages and malicious insiders.

Each security risk analysis includes:

A measured scorecard

An easy-to-understand executive summary

A detailed technical report

Recommendations to achieve a “best practice” or “acceptable” level of risk

A comprehensive action plan

Comparisons to industry averages

A FISASCORE

Get your security risk analysis today

Learn more about the benefits of Netgain’s Security Risk Analysis
and how we can help you protect your practice.

877.797.4700 x3
sales@netgaincloud.com

Start a Chat

Staff size (guidance)

Sites (guidance)

Additional site visit(s)*

Included (See a detailed Statement of Work for complete details)

Pre-assessment

Review of current policies and procedures

Assessment tool and findings

Policy recommendations

Review of proposal changes

Technical tools

Administrative, physical, technical (internal) and technical (external) phases

Environmental Scanning

Annual internal vulnerability scan (at time of assessment)

Annual external vulnerability scan (at time of assessment)

Quarterly external vulnerability scan (3 quarters following assessment or until next SRA)

Consultation and Training

Security Risk Assessment review and recommendations

Review of client's follow-in remediation plan and recommendations (typically at 30-60 days)

Action plan authoring and initial project plan

Quarterly Remediation Review

Essentials

Up to 50

Standard

Up to 50

Enhanced

51-150

2-3

Complete

151+

4-5

	Essentials	Standard	Enhanced	Complete
Staff Size (guidance)	X	X	X	X
Sites (guidance)	X	X	X	X
Additional site visit(s)*	X	X	X	X
Included
Pre-assessment	X	X	X	X
Review of current policies and procedures	X	X	X	X
Assessment tool and findings	X	X	X	X
Policy recommendations	X	X	X	X
Review of proposed changes	X	X	X	X
Technical tools	X	X	X	X
Administrative, physical, technical (internal) and technical (external) phases	X	X	X	X
Environmental Scanning
Annual internal vulnerability scan (at time of assessment)		X	X	X
Annual external vulnerability scan (at time of assessment)		X	X	X
Quarterly external vulnerability scan (3 quarters following assessment or until next SRA)		X	X	X
Consultation and Training
Security Risk Assessment review and recommendations			X	X
Review of client's follow-on remediation plan and recommendation (typically 30 to 60 days)			X	X
Action plan authoring and initial project plan			X	X
Quarterly Remediation Review			X	X