The Duty of Care Risk Analysis Standard (“DoCRA”)

If you need help to assess your plan and move toward the DoCRA Standard, a DoCRA GAP Assessment and Roadmap can assist you towards compliance.

During the project a senior HALOCK resource will spend a business day on-site at your company to understand your environment, mission, priorities, and role of information security. Deliverables: DoCRA Gap Assessment Report and Roadmap for Implementing DoCRA at your organization.


If you need to transition the organization’s security programs to the DoCRA Standard, the DoCRA Upgrade Solution can help.

During DoCRA Upgrade projects, HALOCK works with organizations to define their risk assessment and risk acceptance criteria by conducting a workshop with senior management and executives. HALOCK then re-evaluates the organization’s known risks and vulnerabilities using the new criteria by using evidence-based likelihood estimation tools, such as HALOCK’s Foreseeable Threat Index (FTI). HALOCK will then help design risk treatment safeguards that evaluate as reasonable risks that result in acceptable risk.



If you need to implement a DoCRA process from the ground up and to design the risk treatment safeguard, the DoCRA Risk Assessments solution can help.

HALOCK’s Duty of Care Risk Assessments support our clients’ needs to comply with regulations such as the HIPAA Security Rule, Gramm Leach Bliley Act, GDPR, 23 NYCRR Part 500 and 201 CMR 17.00. And because our risk assessments conform to established risk assessment standards, NIST Special Publications and Cyber Security Framework, CIS Controls, ISO 27001, and PCI DSS are also supported.


Contact Us