Clearwater Compliance: Process Improvement for Information Risk Management

Bob Chaput, Founder & CEO
True information risk management is all about establishing and implementing programs, which constantly evolve to meet the challenges of the current technological threats and vulnerabilities. Companies demand cost-effective solutions to manage and ensure security to achieve the set business values and goals. Clearwater Compliance, a Privacy, Security, Compliance and Information Risk Management firm, provides best-in-class software, tools, programs, and training, to help organizations tackle risk management in the information security space. “Our solutions play a predominant role because they help organizations to be self-sufficient without them having to rely on expensive consultants,” informs Bob Chaput, CEO and Founder, Clearwater Compliance. Working with healthcare organizations and business associates, the company has assisted more than 450 customers to operationalize and mature their information privacy, security, compliance, and information risk management programs. “Our aim is to approach every customer with dedication to do what’s right for them,” states Chaput.

"The HIPAA regulations as compared to most other security regulations demand the basic foundational requirement of implementing a security program," says Chaput. Basing their solutions around a four-step risk management methodology, Clearwater Compliance has embraced the National Institute of Standards and Technology (NIST) security framework. After gauging a client’s risk appetite, Clearwater Compliance designs an overall risk strategy, followed by a methodical process conducted on the client’s unique assets to gain a clear and comprehensive understanding of assets, threats and vulnerabilities. The outcome of which is called the risk register, which is an enumeration of the client’s most-to-least serious risks. On the basis of the risk register, a risk response plan is devised where the client takes an informed decision on how they want to tackle each risk by accepting, avoiding, mitigating and/or transferring it. Finally, the efficacy of the controls put in place are monitored and validated to create a baseline and ongoing dashboard of success.

In addition, a large part of Clearwater Compliance’s approach is grounded in educating organizations on data protection through a series of complimentary webinars, workshops, Blue Ribbon Panel forums and BootCamp events.
“Management or board members don’t have malice of intent when there is a data breach. There is a huge educational gap and we aim at supporting middle management in filling the gap,” remarks Chaput. Delivery of superior quality services and products at commercially competitive prices plays an important role for Clearwater Compliance. The company also believes in zero-defect design processes for software and consulting services. As a validation to their deep expertise in risk management, Clearwater Compliance’s solutions have earned the exclusive endorsement of the American Hospital Association.

In one instance, as part of the HITECH Act, a large metropolitan children’s hospital was provided incentives to implement an electronic health records system. The organization was striving to identify any compliance and security gaps and at the same time complete the risk analysis to successfully develop a remediation plan. After completing the Clearwater HIPAA security assessment process and the Clearwater HIPAA risk analysis process, Clearwater Compliance supported them through a federal government audit, and redeveloped remediation plans. With Clearwater’s help, the client received their incentive money and improved the security posture of the organization. "We execute every single project with a goal of exceeding customer expectations,” says Chaput.


By employing a risk management strategy, Clearwater Compliance’s tools largely help organizations establish, implement, and mature their security program


Steering his company with a sense of humility, Chaput considers this integrity approach a driving factor behind Clearwater’s success. The company plans on improving the agility of their solutions, scaling into larger enterprises. Going ahead, Clearwater Compliance will also continue to offer scalable enterprise-class SaaS platforms.

Company
Clearwater Compliance

Headquarters
Nashville, TN

Management
Bob Chaput, Founder & CEO

Description
Provides comprehensive, software and tools, risk management solutions, training, and professional services.