Information Security Risk Assessment Services

Simplify Security & HIPAA Compliance

Receive a security risk assessment conducted by certified professionals. Provide proof of HIPAA compliance or prepare for other audits or certifications such as HITRUST, ISO 27001, SOC 2, CMMC, PCI, CFPB, FISMA, FERPA, GDPR, and more!

We Will Analyze Your Administrative, Physical, and Technical Safeguards and Quantify Your Risk In Each Area

Save staff time and know your next Security Risk Assessment is done correctly.

Let our analysts walk you through every step. Confidently attest that your organization is HIPAA compliant.

Security Risk Analysis

A security risk analysis can be a daunting task. Meaningful use and HIPAA require you to conduct a Risk Analysis per CFR 164.308(a)(1)(ii)(A). But if not conducted by an information security professional, your organization can still be exposed to threats against your patients’ information. And how do you know what to do after the assessment? DueNorth uses an unbiased, quantifiable assessment process built on the NIST framework that can be easily repeated year after year. We can help with any remediation efforts including policy and procedure creation, employee training, and more.

Help protect all your information, not just ePHI.
Test current information security measures.
Establish a risk management plan that is easy to understand from the board room to the tech room.
Build proof of compliance. HIPAA, FFIEC, PCI, GLBA, GDPR and more.

All Assessments are conducted by DueNorth Security staff members who hold at least one of the following certifications: 

Security Risk Assessment Options

Basic Security Risk Assessment

Designed for organizations large and small. This assessment qualifies for HIPAA and meaningful use under CFR 164.308(a)(1)(ii)(A). Say goodbye to doing it yourself. Get third-party validation.

  • Administrative Controls
  • Physical Controls
  • Technical Controls
  • External Vulnerability Scan
  • Internal Vulnerability Scan

IT Systems Vulnerability Assessment

For organizations that have implemented security controls on information systems, have an information security plan, and wish to test some or all of the security controls they have in place.

  • Basic Assessment PLUS
  • PenTesting
  • Application/Mobile App Scan
  • Social Engineering

Info Security Program Assessment

Audit your information security program from the ground up. We will use your framework or compliance requirements to conduct a gap analysis of Administrative, Physical and Technical Safeguards.

  • Info Systems Assessment PLUS
  • Audit of current information security program against desired framework or compliance requirements.

Frequently Asked Questions

How can a security risk assessment improve our bottom line?

Ransomware, malware, or a breach can cost tens of thousands of dollars and weeks of staff time for data recovery and reproduction. Not to mention fines if your firm is found in violation of any regulatory requirements. A third-party assessment proves you are taking responsible steps towards information security.

How long does a risk assessment take?

The basic assessment can be completed in 2 weeks while a security program assessment can take up to 8 weeks.

What are the end deliverables?

All assessments include: Risk Score, Risk Action Plan, Full Security Risk Assessment Report, Executive Summary with recommendations and all supporting documents and findings. DueNorth can also help with your remediation efforts.

Other Assessment Options:

Network Vulnerability Tests

Penetration Testing

Social Engineering

Computer Access Test

Security Control Assessment

And Much More…

Let Us Help You Down the Path of Information Security

Get More Information Today

"Managing technology for 200 employees in five locations with many remote employees is a difficult task. DueNorth provides tools and people to make this job easier."

Lynn - CFO, Lakeland Mental Health Center

"Information and security are critical in a health care environment and DueNorth builds and maintains a network to keep our patient records secure and available."

Zach - Clinical Informatics Coordinator, McKenzie County Healthcare Systems

"DueNorth Security has surpassed expectations. They have effectively worked with us to resolve IT security and HIPAA risks in a timely manner. We can count on their team to help problem solve and guide us with best practices to meet all federal, state, and local requirements."

Marianne - Director of Human Resources, St. Luke's Medical Center

Top 8 Security Risk Assessment Findings

We conduct dozens of security risk assessments for clients each year. It’s not surprising that we see a common pattern of issues among many of the organizations. Below is a description of these issues and what you can do to manage the risk associated with them. ...

How to Build an Information Security Program

Executives and board members are slowly but surely starting to realize that information security efforts need to become a priority. Current efforts to protect information are now subject to more scrutiny by their customers, insurance companies and the government....

Avoid a Security Audit, Conduct an Assessment in 5 steps

The term “security audit” is often used synonymously with security risk assessment and risk analysis. But a security audit for HIPAA compliance is when Health and Human Services (HHS) audits a covered entity or business associate to determine their level of compliance...