If your cybersecurity measures do not fully meet your needs for countering risks, vulnerabilities, and threats, those gaps in your protection must be addressed. Shortfalls may exist in the overall coverage provided by a cybersecurity program or in specific medical devices, facility-related control systems, and associated IT systems.
Our role in a gap assessment for you is to assess what you need, and compare with what you have. We take your DHS critical sector industry cybersecurity guidelines and best practices into account, and check compliance with relevant regulations (HIPAA for example) and risk management standards such as ISO 13485:2003 and ISO 14971. By comparing existing controls with minimum and generally adopted levels of controls, we build a complete assessment of your cybersecurity coverage.
Once any gaps are identified, we develop a plan with you to make necessary improvements to your cybersecurity. We make sure that priorities and responsibilities are clear, and check with you that resources can be allocated as required. Besides vulnerable, weak, or non-existent controls that must be remediated, we also identify areas of strength that must be maintained.
Our recommendations are designed to maximize your return on any investments in technology and services to reduce your cyber security risk. We also work with you to keep your cybersecurity strategy flexible to meet new needs as they arise, and to avoid gaps in the future by making it part of your overall risk and business continuity management.