Compare HIPAA Training
Tel: (515) 865-4591
 
 
 
Risk Assessment Bundle Both Versions

Our templates are created based on best practices and standards for Risk Assessment. The complete package has Risk Assessment guides, templates, forms, worksheets, policies, information on free resources and standards.Our risk assessment templates will help you to comply with following regulations and standards like HIPAA, FDA, SOX, FISMA, COOP & COG, FFIEC, Basel II and ISO 17799.

These templates can be used by Healthcare organizations, IT departments of different companies, security consulting companies, manufacturing company, servicing companies, financial institutions, educational organizations, law firms, pharmaceuticals & biotechnology companies, telecommunication companies and others.

Following Risk assessment templates package is available to suit your needs. Refer to other packages for additional supporting documents for a complete.

Cost: $120

Conducting a Risk Assessment Guide

Objectives

The intention of this document is to help the business conduct a Risk Assessment, which identifies current risks and threats to the business and implement measures to eliminate or reduce those potential risks.  This document provides guidance on how to conduct the Risk Assessment, analyze the information that is collected, and implement strategies that will allow the business to manage the risk.  The following documents are available to help the business complete the assessment:

  • Risk Assessment Template
  • Risk Assessment Worksheet
  • Facility RA Findings Report
  • Executive RA Findings Report
  • Examples of Preventative Measures

The Risk Assessment is only part one of an overall Business Assessment.  A Business Assessment is separated into two constituents, Risk Assessment and Business Impact Analysis (BIA).  The Risk Assessment is intended to measure present vulnerabilities to the business’s environment, while the Business Impact Analysis evaluates probable loss that could result during a disaster.  To maximize the Risk Assessment, a Business Impact Analysis should also be completed. 

Table of Contents of Conducting a Risk Assessment

INTRODUCTION           

Compliance      
Scope  

RISK ASSESSMENT    

Objectives of the Risk Assessment        
Risk Assessment Process        
What Should Be Included?         
Steps to Follow 

ASSESSING YOUR RISK

Identifying Risks / Threats          
Probability of Occurrence           
Vulnerability to Risk      
Potential Impact
Preventative Measures in Place  
Insurance Coverage       
Past Experiences

           
ANALYZING THE RESULTS   

Review Interview Notes  
Follow-Up Meetings       
Report the Results
           

FINAL REPORT & PRESENTATION   

Creation of Executive Report      
Presenting the Results  
Next Steps       
Conclusion       

KEYS FOR SUCCESS

Senior Management Support      
Effective Data Gathering Tools    
Key Resources 
Critical Data     
Executive Report           

APPENDIX ITEMS

Appendix A:  Risk Assessment Survey   
Appendix B:  Risk Assessment Worksheet         
Appendix C:  Facility Risk Assessment Report
Appendix D:  Executive Risk Assessment Report
Appendix E:  Examples of Preventative Measures

Risk Assessment Template

OBJECTIVE

Due to HIPAA Security Rule regulations, your organization must implement Contingency Planning Practices to ensure the protection of ePHI (electronic Protected Health Information).  In order to accomplish this undertaking, there are several steps that your organization will be completing to identify critical business functions, processes and applications that process ePHI and to understand the potential impact to the business if a disruptive event occurred. 

One of the first steps of implementing the Contingency Program for your organization is to conduct a Risk Assessment (RA).  This questionnaire will help you to identify the current risks and threats to the business and implement measures to eliminate or reduce those potential risks.   Once the survey is completed, the RA Project team will analyze the data and create prioritized risk reduction (mitigation) strategies to present to senior management. 

Table of Contents of Risk Assessment Template

OBJECTIVE     

GENERAL INFORMATION        

Respondent Information 
Company Information     

PREVIOUS DISRUPTIONS       

Facility Related 
Technology Related       
Weather Related           

NATURAL & MAN-MADE RISKS & THREATS    

Natural Risks / Threats  
Man-Made Risks / Threats         

ENVIRONMENT & FACILITY RISKS      

Environment Risks / Threats      
Facility Risks / Threat    

PREVENTATIVE MEASURES    

Hazardous Materials     
Fire Containment          
Emergency Notification, Evacuations, Alarms & Exits      
Facility Features, Security,  & Access    
HVAC  
Utilities
Data Center (Technologies)

Preventative Measures

The following list contains examples of preventative measures that can be implemented by the company to mitigate the potential risks that currently exist.   Some of these activities may be achievable easily, as to where some may take more time and more resources.

Natural Risks

These risks are usually associated with weather related events:  flooding, high winds, severe storms, tornado, hurricane, fire, high winds, snow storms, and ice storms. 

Risk / Threat

Preventative Measures

Earthquakes
  • Move large and heavy objects to the fall to prevent injury (from falling on people.)
  • Equipment tie-downs are used on all critical computer equipment.
  • Emergency power is available on-site.
  • Earthquake construction guidelines have been adhered to so that damage can be minimized.
  • Critical data and vital records should be backed up and sent offsite for storage.
  • Staff should be trained in Earthquake evacuations and safety.

Man-Made Risks

These risks are usually associated with man-made type of events:  Bomb threats, vandalism, terrorism, civil disorder, sabotage, hazardous waste, work stoppage (internal/external), and computer crime. 

Risk / Threat

Preventative Measures
Staff Productivity Risks
  • Alternate sources of trained employees have been identified
  • Proper training and necessary cross-training is conducted
  • Files are backed up and procedures are documented
  • The work areas are comfortable and safe

Environmental Risks

These risks are usually associated with exposures from surrounding facilities, businesses, government agencies, etc. 

Risk / Threat

Preventative Measures

Hazardous Materials Plant

 
  • There is a nightly backup of data processing electronic record and that backup is stored off-site
  • The off-site backup facility is a sufficient distance away from this facility
  • An alternate site has been identified for use in the event that this facility is unusable

To view specific section of this document, please contact us at Bob@training-hipaa.net or call us at (515) 865-4591.

 
 
Certified HIPAA Privacy Security Expert
 
   
 
Resource| Sitemap| HIPAA Online Training | HIPAA Certification | HIPAA Privacy and Security Training | HIPAA Templates Suite | HIPAA Compliance Services | HIPAA Security Policies | Disaster Recovery Plan | HIPAA Privacy Certification | HIPAA Security Certification | HIPAA Training ScheduleHIPAA Compliance Software | HIPAA Audit | HIPAA Certification | HIPAA Online Certification & Exam
855 SE Bell Ct, Waukee, IA 50263 USA. Tel: (515) 865-4591 | Fax: (515) 221-2363
Valid CSS!
visa
Valid XHTML 1.0 Transitional
Copyright © 2005-2013 SUPREMUS GROUP
'This site is best viewed using Internet Explorer 5.0/higher or Netscape Navigator 7.0/higher at 1024x768 resolution for optimum performance
Google | Wikipedia discussing HIPAA| Google Plus