Why execute Security Risk Assessments (SRA)?
Regulatory Compliance:
- HIPAA/HITECH, PCI, Gramm-Leach-Bliley Act, Sarbanes-Oxley, COBIT, etc.
- Required by Business Associate Agreements under HIPAA if you work with healthcare or PHI (Protected Health Information)
- Required for Meaningful Use Attestation for both Stage 1 and Stage 2
- Required by the General Services Administration (GSA) if you do any government work
- Required if you take or store credit card information (Payment Card Industry/PCI)
- Required by the Safeguards Rule of the Gramm-Leach-Bliley Act to protect clients’ financial information
- For publicly traded companies, required to be in the MD&A per the SEC