Risk Management Program

Reach and Maintain Acceptable Risk

Risk is always a part of your cyber strategy. It evolves based on your environment. It could be calm one moment, then a disastrous storm the next. The key to managing risk is to continually take care of your critical business areas and all interested parties.

But how do you manage the needs of many with different priorities?

By establishing reasonable security through the Duty of Care Risk Analysis (DoCRA). Duty of care requires that organizations demonstrate they used controls to ensure that risk was reasonable to the organization and appropriate to other interested parties at the time of the breach. This approach enables users to:

  • Prioritize security investments
  • Consider the needs of all interested parties
  • Demonstrate that the risk is ‘Acceptable’ or ‘Reasonable’
  • Protect the organization without overly burdening it
  • Continuously manage to ‘enough’ security
  • Manage your cyber insurance coverage appropriately

We also incorporate the Sedona Conference’s “Test for Reasonable Security Controls” establish that safeguards must not pose a higher risk to the organization than the lack of safeguards poses to others. By balancing an organization’s mission, objectives, and obligations, your risk strategy will have the appropriate balance of compliance, security, and corporate responsibility. You will be practicing ‘reasonable security’.


Reasonable Risk

Download the brochure

Learn more about how DoCRA applies to your compliance requirements such as HIPAA, PCI DSS, Privacy and help you reach and maintain acceptable risk and reasonable security.



2023 Cybersecurity and Regulatory Calendar Compliance requirements and proposed rules that may impact your organization, with resources and references to help you make informed decisions.