
The Duty of Care Risk Analysis Standard ("DoCRA")


The Duty of Care Risk Analysis Standard (“DoCRA” or “the Standard”) presents principles and practices for analyzing risks that address the interests of all parties potentially affected by those risks.

DoCRA (or “Duty of Care Risk Analysis”) is a method for analyzing risk as regulators and judges expect it to be done. Regulations and judicial “balancing tests” expect organizations to consider the likelihood and degree of harm they may cause themselves and others, and to use safeguards that reduce those risks – as long as those safeguards are not overly burdensome.

DoCRA can be used to analyze cybersecurity risks against any of a variety of control standards or regulatory requirements. HALOCK uses DoCRA methods to analyze risks with ISO 27001/27002, NIST Special Publication 800-53, the HIPAA Security Rule, GDPR, 23 NYCRR Part 500, 201 CMR 17.00, the NIST Cybersecurity Framework, and even maturity-model-based control models such as FFIEC CAT.

Learn more by visiting docra.org
Download the DoCRA checklist.
CIS RAM FAQs

Learn more about HALOCK services to support DoCRA


Helps organizations assess and plan their move toward the DoCRA Standard.

Helps organizations transition their security programs to the DoCRA Standard.

Implements a DoCRA process from the ground up and designs the risk treatment safeguards.