Plan Selection

MIPS Security Risk Assessment - DIY

MIPS (Merit-based Incentive Payment System), established under MACRA (Medicare Access and CHIP Reauthorization Act), is a value-based payment program that rewards eligible healthcare providers for providing high-quality, cost-effective care to Medicare patients. We offer a Security Risk Assessment to support your MIPS application and meet the eligibility requirements of the Quality Payment Program (QPP).




Package Add-Ons

Customize your MIPS Security Risk Assessment - DIY with these optional add-on services. These services can also be purchased at a later time.
HIPAA Awareness Staff Training - $14.99
The plan includes a staff training license for one user only. Additional staff training licenses can be specified here.

Vulnerability Scan (Each IP Address) - $49.00
A Vulnerability Scan costs $49 per year for each IP address.

Penetration Testing (Standard) - $2499.00
The Standard Add-On for Penetration Testing includes internal and external pen testing for small enterprises with up to 100 IP addresses. Please review whether you require the Premium or the Standard Add-On before you purchase. You can purchase Add-Ons at a later date.

Penetration Testing (Premium) - $0.00
This Add-On is a Request for Quote for the Premium Pen Testing Service, which can be added to all security and privacy benchmarks. It is ideal for SOC 2, ISO, NIST, CMMC, etc. It is preferred by organizations with custom web applications, mobile applications, and a complex technology set-up. Please share your details on :


Training Modules

Extend training opportunities to your employees. These training modules include completion tracking and reporting.
Good Clinical Practices Training
Manage your customized training for your specific business needs. Prices may vary based on the number of users and content.

Additional Assessments

Additional assessments can be purchased to determine compliance in other areas of your organization.
21 CFR Part 11 (FDA) - DIY Assessment - $2499.00
21 CFR Part 11 is a regulation issued by the US Food and Drug Administration (FDA) that establishes requirements for electronic records and signatures in the context of FDA-regulated activities. It applies to pharmaceutical, biotech, and medical device companies that use electronic records and signatures in their operations.

GDPR Assessment 2024 - $0.00

ISO/IEC 42001:2023 - $0.00

RSM USA Assessment - $0.00

Vendor Risk Assessment - $0.00

FTC Safeguards Rule - DIY Assessment - $2499.00
The Federal Trade Commission's Standards for Safeguarding Customer Information (the Safeguards Rule, for short) is intended to ensure that entities covered by the Rule maintain safeguards to protect customer information. The Rule reflects core data security principles that are mandatory for all covered companies. This plan includes a Security Risk Assessment.

Higher Education Community Vendor Assessment Toolkit (HECVAT) - $0.00
Campus IT environments are rapidly changing, and the speed of cloud service adoption is increasing. Institutions looking for ways to do more with less see cloud services as a good way to save resources. As campuses deploy or identify cloud services, they must ensure the cloud services are appropriately assessed for managing the risks to the confidentiality, integrity, and availability of sensitive institutional information and the PII of constituents. Many campuses have established a cloud security assessment methodology and resources to review cloud services for privacy and security controls. Other campuses do not have sufficient resources to assess their cloud services in this manner. On the vendor side, many cloud service providers spend significant time responding to the individualized security assessment requests made by campus customers, often answering similar questions repeatedly. Both the provider and the consumer of cloud services waste precious time creating, responding to, and reviewing such assessments.

The Higher Education Community Vendor Assessment Toolkit (HECVAT) attempts to generalize higher education information security and data protection issues for consistency and ease of use. Some institutions may have specific issues that must be addressed in addition to the general question sets provided in the toolkit. It is anticipated that the HECVAT will be revised over time to account for changes in service provisioning and in the information security and data protection needs of higher education institutions.

Higher Education Community Vendor Assessment Toolkit (HECVAT) - DIY - $2499.00
The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a data protection and cybersecurity questionnaire for academic institutions and their third-party service providers.

CAIQ Cloud Security Alliance - DIY Assessment - $799.00
The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) and Consensus Assessments Initiative Questionnaire (CAIQ) are widely used frameworks for assessing and managing cloud security risks. Organizations that use cloud computing services can benefit from these frameworks to ensure that their cloud environments meet security best practices and compliance requirements.

CCPA DIY Assessment - $1299.00
The California Consumer Privacy Act (CCPA) applies to businesses that handle the personal information of California residents and that have annual gross revenues of at least $25 million or handle the personal information of at least 50,000 consumers or households.

CIS AWS Benchmark DIY Assessment - $1299.00
CIS AWS Benchmarks are a set of security best practices and guidelines developed by the Center for Internet Security (CIS) for configuring and securing AWS resources. Organizations using AWS are encouraged to follow these benchmarks to enhance the security of their cloud infrastructure and comply with various regulatory requirements.

CIS Azure Benchmark DIY Assessment - $1299.00
The CIS (Center for Internet Security) Azure Benchmark is a set of guidelines and best practices for securing Microsoft Azure cloud environments. It is mandatory for organizations that need to comply with regulatory requirements such as HIPAA, PCI DSS, or ISO 27001, or those that operate in highly regulated industries or handle sensitive data.

CIS Controls (v8) - DIY Assessment - $1299.00
CIS Controls is a framework of cybersecurity best practices developed by the Center for Internet Security (CIS) to help organizations improve their security posture. Implementing these controls is recommended for organizations that want to strengthen their cybersecurity defenses and protect against cyber threats.

CIS GOOGLE Benchmark DIY Assessment - $1299.00
The CIS Google Benchmark is a set of security best practices and recommendations for securing Google Cloud Platform (GCP) resources, services, and configurations. It applies to anyone who uses GCP, including cloud administrators, security professionals, and DevOps engineers, to help them secure their GCP infrastructure and ensure compliance with industry-standard security practices.

Gramm-Leach-Bliley Act (GLBA) - DIY Assessment - $2499.00
The Gramm-Leach-Bliley Act (GLBA) is a United States federal law that requires financial institutions to protect the security and privacy of consumers' personal information. It also requires financial institutions to provide customers with a privacy notice that explains their information-sharing practices.

CIS Microsoft 365 Foundations Benchmark - DIY Assessment - $1299.00
CIS Microsoft 365 Foundations is a set of security controls and best practices designed to secure Microsoft 365 environments. It is mandatory for organizations using Microsoft 365 to protect their data, users, and devices from cyber threats.

CMMC Level 1 - DIY Assessment - $1299.00
CMMC (Cybersecurity Maturity Model Certification) is a unified standard for implementing cybersecurity across the defense industrial base (DIB) sector. CMMC certification is required for all DIB contractors who handle Federal Contract Information (FCI) or Controlled Unclassified Information (CUI).

FERPA DIY Assessment - $1299.00
FERPA (Family Educational Rights and Privacy Act) is a US federal law that protects the privacy of student education records. It applies to all educational institutions that receive federal funding, including public and private schools, colleges, and universities.

GDPR DIY Assessment - $1499.00
The General Data Protection Regulation (GDPR) is a regulation by the European Union that sets out rules on how companies operating within the EU should protect and process personal data. It gives individuals greater control over their personal data and the right to have it deleted or transferred.

HIPAA DIY Assessment - $1299.00
Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that establishes national standards for protecting the security and privacy of individuals' health information. Covered entities, such as healthcare providers and health plans, along with their business associates and third-party vendors, are required to comply with HIPAA regulations. It is mandatory for them to ensure the integrity, confidentiality, and availability of protected health information.

ISO 27001:2022 DIY Assessment - $2499.00
ISO 27001 is an international standard that specifies the requirements for an Information Security Management System (ISMS). It provides a systematic, risk-based approach to managing sensitive and confidential information in order to protect the confidentiality, integrity, and availability of that information.

ISO/IEC 27701:2019 DIY Assessment - $2499.00
ISO 27701 is a privacy extension to the ISO 27001 standard, providing guidelines for implementing a privacy management system. Organizations that process personal data can benefit from implementing its controls to demonstrate compliance with privacy laws and build trust with their stakeholders.

ITAR DIY Assessment - $2499.00
ITAR (International Traffic in Arms Regulations) is a set of regulations governing the export and import of defense articles, services, and technical data. ITAR applies to individuals and companies that deal with the manufacture, sale, or distribution of military technology, and to those with access to such technology or information.

NIST 800-171 (DoD) - DIY Assessment - $2499.00
NIST SP 800-171 is a set of security guidelines established by the National Institute of Standards and Technology (NIST) to protect Controlled Unclassified Information (CUI) in nonfederal systems and organizations. These guidelines specify a set of security controls and requirements that must be implemented to safeguard sensitive information from unauthorized access, use, disclosure, and destruction. Compliance with NIST SP 800-171 is mandatory for any nonfederal organization that handles CUI on behalf of the federal government.

NYDFS DIY Assessment - $1299.00
The New York State Department of Financial Services (NYDFS) is a regulatory agency responsible for supervising and regulating financial institutions in the state of New York. Any financial institution operating within the state of New York, including banks, insurance companies, and other financial services providers, must abide by NYDFS regulations.

NIST 800-53 - DIY Assessment - $2499.00
NIST 800-53 is a set of security controls published by the National Institute of Standards and Technology (NIST) for use in federal information systems in the United States. The controls cover a wide range of security areas, including access control, incident response, and system and communication protection. Organizations can use the controls as a framework for developing and maintaining their information security programs.

NIST Cybersecurity Framework - DIY Assessment - $2499.00
The NIST Cybersecurity Framework is a set of guidelines, standards, and best practices for managing and reducing cybersecurity risk. It is designed to be flexible and adaptable to different organizations, regardless of size, sector, or cybersecurity maturity level.

OSHA Healthcare - DIY Assessment - $899.00
OSHA (Occupational Safety and Health Administration) is a US federal agency responsible for ensuring safe and healthy working conditions by enforcing standards, providing training and education, and conducting inspections. Healthcare facilities and workers must comply with OSHA's regulations and guidelines. Failure to do so can result in penalties and fines and, most importantly, lead to workplace injuries or illnesses.

OWASP Top 10 - DIY Assessment - $799.00
The OWASP Top 10 lists the ten most critical web application security risks, ranked by their prevalence and potential impact. It is relevant to developers, security professionals, and organizations involved in developing, testing, deploying, and maintaining web applications.

PCI DSS DIY Assessment - $1499.00
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all organizations that accept, process, store, or transmit credit card information maintain a secure environment. Any organization that handles credit card data, including merchants, financial institutions, and service providers, needs to be PCI DSS compliant.

Personal Data Protection Act (Thailand) - DIY Assessment - $1299.00
The Personal Data Protection Act (PDPA) in Thailand is a legal framework that regulates the collection, use, disclosure, and storage of personal data of individuals in Thailand, aiming to protect their privacy and data rights. It is mandatory for any individual or organization that collects, processes, or stores the personal data of Thai residents, including both public and private sectors.

PIPEDA DIY Assessment - $899.00
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian federal law regulating businesses' and organizations' collection, use, and disclosure of personal information. It applies to private sector organizations that gather, utilize, or disclose personal information in the course of commercial activities.

SAMA Cybersecurity Regulatory Framework - DIY Assessment - $1899.00
The SAMA (Saudi Arabian Monetary Authority) Cybersecurity Framework is a set of guidelines and best practices designed to help financial institutions in Saudi Arabia mitigate cyber threats and enhance their cybersecurity posture. It is mandatory for all financial institutions operating in Saudi Arabia, including banks, insurance companies, and other financial service providers.

Security Risk Assessment - DIY - $1299.00
A security risk assessment helps you identify, evaluate, and prioritize potential threats to your organization's information systems and data. It analyzes the likelihood and potential impact of security breaches so that appropriate measures can be put in place to mitigate or manage those risks.

SOC 1 DIY Readiness Assessment - $2499.00
SOC 1 (Service Organization Control 1) is a set of standards developed by the American Institute of Certified Public Accountants (AICPA) for evaluating the effectiveness of a service organization's internal controls over financial reporting. The service organization's clients or customers often request this report, as it provides assurance that the organization's financial processes are reliable and secure.

SOC 2 DIY Readiness Assessment - $2499.00
SOC 2 (System and Organization Controls 2) is a set of standards developed by the American Institute of Certified Public Accountants (AICPA) for evaluating and reporting on the controls of service organizations.

Custom - DIY Assessment - $2499.00


Vendor Assessments

Vendor assessments can be assigned to your vendors for completion. After completing the assessment, the results are made available for your review.
Vendor Risk DIY Assessment - $1299.00
A vendor risk assessment evaluates the security practices of third-party vendors who have access to an organization's data or network. Failing to assess vendor cyber security risks can expose an organization to a range of threats, including data breaches, system failures, and reputational damage.



MIPS Security Risk Assessment - DIY - $699.00