Risk Assessments

Assess your security controls against industry standard frameworks such as NIST CSF, ISO 27001, HIPAA, FAIR, and more. Identify gaps and plan initiatives to better align controls and manage risk.


The NIST CSF has become an industry leading framework for organizations to assess and improve upon cybersecurity risk management. SRA can assess your security controls maturity against the full set of NIST CSF v1.1 Functions and Categories to understand gaps and plan appropriate initiatives to better align your controls to the Framework.

ISO 27001

ISO 27001 is the international standard for Information Security Management Systems (ISMS). It provides a model for risk assessment, security design and implementation, and security management. The ISO 27001 standard specifies implementation and management guidelines to help keep your digital and paper information safe.

SRA can provide both Readiness Assessments and Gap Assessments to help you align your security controls to this framework.

HIPAA Risk Analysis

Our risk analysis process is aligned with HIPAA 164.308(a)(1)(ii)(A) and the OCR / HHS Guidance on Risk Analysis Requirements under the HIPAA Security Rule. It can also serve as your annual risk analysis for support of meaningful use requirements. We use the OCR Audit Framework as the basis of the risk analysis.

We conduct workshops, review documentation, and perform walkthroughs to gain an understanding of your alignment to the intent of the HIPAA Security Rule and HITECH Act as it pertains to ePHI.