Clearwater Compliance: Engineering Compliance and Information Risk Management

Bob Chaput, Founder & CEO
The previous year saw a series of high-profile cyber-attacks that damaged the reputation of many organizations and harmed them financially as well. The target of many of these attacks is sensitive personal data, an asset that needs to be protected at all times from theft, loss or breach. Data breaches can cost an enterprise as much as $200 to $2000 per lost customer record. Privacy, security and compliance professionals have reported on the need for compliance and cybersecurity metrics to demonstrate security program effectiveness and better cybersecurity management to executive teams and boards.

Enterprise cybersecurity demands a change, as the threats that businesses face are constantly morphing due to the emergence of sophisticated hackers and attackers. Headquartered in Nashville, TN, Clearwater Compliance helps organizations establish, implement and mature their cyber risk management program. “We train the workforce members in completing bona fide risk assessments and help them understand the difference between daily security operations and enterprise cyber risk management,” begins Bob Chaput, Founder and CEO, Clearwater Compliance.

Clearwater Compliance offers powerful, web-based software services to operationalize the client’s privacy, security, compliance and cyber risk management programs. The primary focuses of Clearwater’s approach are five critical capabilities: governance, people, process, technology and engagement. Many organizations struggle to become compliant with regulatory requirements and to build strong security programs. It is a two-pronged problem: compliance risk and security risk. “Organizations cannot afford to underestimate the scale and potential cost of cyber threats and security breaches,” says Chaput.

Clearwater’s Information Risk Management Pro (IRM|Pro™) suite of software comprises four modules: IRM|Analysis™, IRM|Security™, IRM|Privacy™ and IRM|Capability™. “The major benefit that we provide through the IRM|Pro™ suite is that we fundamentally assist organizations in avoiding monetary losses,” states Chaput. The IRM|Security™ and IRM|Privacy™ modules identify compliance gaps by detecting missing and outdated policies and automatically generating specific remediation paths and strategies. The modules then facilitate execution of plans, provide dashboards that reflect the client’s current status, and serve as a document repository which houses all the policies, procedures, laws, evidence, and reports, accounting for an efficient compliance program.

Our IRM/Pro suite fundamentally aids organizations in avoiding monetary losses associated with being out of compliance and/or experiencing a data breach

The IRM|Analysis™ module automates the conventional process outlined in the National Institute of Standards and Technology (NIST) SP 800-39, which is the basis of the HHS/OCR guidance on performing risk analysis. IRM|Analysis™ is a highly scalable software solution that automates a very detailed and systematic industry-standard approach to information risk management. “Additionally, IRM|Capability™ helps organizations create their current profile required for the adoption of the NIST Cybersecurity Framework,” says Chaput.

Clearwater Compliance has engineered a way to automate and operationalize an industry standard for helping its customers become and remain compliant, avoid data breaches and preserve capital by reducing information and cyber risks. For instance, one very large hospital system faced many obstacles in establishing its cyber risk management program: narrowly focused IT security efforts, a siloed risk assessment approach and undefined risk tolerance. With Clearwater’s assistance, the health care company adopted the NIST approach (Framework + Process + Maturity Model) to establish, implement and mature its cyber risk management program. It went beyond basic compliance checklists to implement a robust, affordable, and scalable information risk management program through the solutions provided by Clearwater Compliance.

From a go-to-market perspective, Clearwater Compliance will remain focused on cyber risk management in the healthcare space. As opportunities emerge, the firm envisions expanding and serving other industries with superior quality products, concierge-level customer service, and cost-effective solutions. Today, its IRM|Analysis™, which is agnostic of the industry and type of sensitive data, can be used to automate the NIST SP 800-39 information risk management process for any organization. “We will continue to make investments in areas related to the NIST approach, and enhance our products and services in the healthcare industry,” concludes Chaput.

Clearwater Compliance

Nashville, TN

Bob Chaput, Founder & CEO

Provides compliance software and information risk management solutions
