Clearwater Compliance: Process Improvement for Information Risk Management

True information risk management is all about establishing and implementing programs, which constantly evolve to meet the challenges of the current technological threats and vulnerabilities. Companies demand cost-effective solutions to manage and ensure security to achieve the set business values and goals. Clearwater Compliance, a Privacy, Security, Compliance and Information Risk Management firm, provides best-in-class software, tools, programs, and training, to help organizations tackle risk management in the information security space. “Our solutions play a predominant role because they help organizations to be self-sufficient without them having to rely on expensive consultants,” informs Bob Chaput, CEO and Founder, Clearwater Compliance. Working with healthcare organizations and business associates, the company has assisted more than 450 customers to operationalize and mature their information privacy, security, compliance, and information risk management programs. “Our aim is to approach every customer with dedication to do what’s right for them,” states Chaput.

"The HIPAA regulations as compared to most other security regulations demand the basic foundational requirement of implementing a security program," says Chaput. Basing their solutions around a four-step risk management methodology, Clearwater Compliance has embraced the National Institute of Standards and Technology (NIST) security framework. After gauging a client’s risk appetite, Clearwater Compliance designs an overall risk strategy, followed by a methodical process conducted on the client’s unique assets to gain a clear and comprehensive understanding of assets, threats and vulnerabilities. The outcome of which is called the risk register, which is an enumeration of the client’s most-to-least serious risks. On the basis of the risk register, a risk response plan is devised where the client takes an informed decision on how they want to tackle each risk by accepting, avoiding, mitigating and/or transferring it. Finally, the efficacy of the controls put in place are monitored and validated to create a baseline and ongoing dashboard of success.

In addition, a large part of Clearwater Compliance’s approach is grounded in educating organizations on data protection through a series of complimentary webinars, workshops, Blue Ribbon Panel forums and BootCamp events.