
Risk Assessments
Risk assessments are a formal, detailed, yet flexible method of evaluating the business and operational risks and controls of an organization.
This provides senior management with an effective way to understand and appropriately mitigate risks to the organization, with associated executive and line management reports. It compiles and clarifies information related to prevention and control technologies, practices, and their associated effectiveness, which could reduce and/or eliminate risks. Additionally, these assessments summarize existing controls and provide recommendations for remediating any deficiencies.
NIST
Drummond conducts risk assessments leveraging NIST 800-53 to identify technical and administrative risks and provide risk mitigation recommendations.
CRA
Drummond Comprehensive Risk Assessments are based on controls found in ISO 27001 and guidance on these controls documented in ISO 27002, to assess how technology and operational risks are managed and controlled, and to evaluate the overall risk exposure to the company and its customers.

FFIEC
Drummond offers a comprehensive FFIEC Risk Assessment for financial institutions by identifying and finding gaps in your security policies and practices. By conducting a risk assessment, you and your organization will gain compliance for key assets and IT systems with solid controls and frameworks in place.

CHRA
Drummond’s Comprehensive Healthcare Risk Assessment is a formal, detailed, yet flexible method of evaluating the business and operational risks and controls of an organization.