Cybersecurity Assist Partner Program (CAPP)
A partnership program focused on advancing cybersecurity maturity, reducing risk, and building resilience
A Proactive Strategy from a Reliable Partner
You don’t have to go it alone. The CAPP program gives you a strategy security and privacy partner that collaborates with your staff to identify risk management needs, assist with remediation, and provide executive support. We’ll help you establish and maintain a proactive risk management program by conducting regular standard-based periodic risk assessments, setting and achieving compliance goals, periodically assessing key controls, and providing ongoing compliance, privacy, and security advisory support.
Proven Results in Advancing Healthcare’s Cybersecurity Posture
CAPP is a long-standing Security & Risk Management managed service offering, which has helped hundreds of healthcare organizations improve their security posture over the last decade. Clearwater continues to offer this program to existing CAPP clients. Through the CAPP Program, Clearwater collaborates with client staff to annually measure and improve cybersecurity program maturity relative to the NIST Cybersecurity Framework, execute an enterprise-level Risk Assessment, assess HIPAA compliance, and provide remediation recommendations. CAPP is a modular program to which clients can add any of Clearwater’s other services.
For new clients, or existing clients seeking an asset-based, and continuous risk analysis approach, we recommend reviewing the ClearConfidence program, which incorporates CAPP features and benefits into this more advanced program.
As with all of our managed service programs, our executives are engaged to ensure your needs are being met while collaboratively helping you navigate the complex and ever-changing threat and compliance landscape.
Ongoing Advisory Services
A key feature of the CAPP program is ongoing advisory support. As your security partner, you can register advisory requests through our online system, and we will assign a domain expert to provide expert advice.
Enterprise-Level Risk Assessments
We perform an enterprise-level risk assessment of your organization’s security program leveraging an assessment of security controls and assessing the likelihood and impact of a security incident or breach based on applicable vulnerabilities and threats.
Cybersecurity Maturity Assessment
We evaluate your conformance to and maturity with the NIST Cybersecurity Framework. In addition, we provide an industry peer comparison that you can use to communicate where you stand to leadership and the Board. We track your improvement over time, demonstrating progress and ROI with cybersecurity program investments.
Technical Security Assessment
We evaluate the effectiveness of your technical controls and current vulnerability management program through quarterly and semi-annual technical testing, allowing us to effectively identify your critical vulnerabilities. We provide trending data and reports that show improvement areas and progress over time.
Your Clearwater CAPP team is led by cybersecurity and compliance experts who understand the unique pressures that healthcare organizations face and how to help you build and execute a program that will stand up to those pressures.
Dave Bailey is Vice President of Security Services at Clearwater and leads the managed, professional, and consulting services for the […]
Jaime Cifuentes, CISSP, MCITP, MCT
Jaime Cifuentes is an Information Security Consultant at Clearwater, bringing Clearwater customers over 20 years of information technology and security […]
Contact us to learn more about Clearwater
With Clearwater, you get a partner who provides a comprehensive picture of your risks and vulnerabilities so you can make smart decisions for about your privacy and security posture.
Our consultants are the best in the field and bring decades of healthcare cybersecurity experience to help you meet your business objectives, protect patient data, and build a cyber-resilient posture for the future.
Recent OCR and State Attorney Generals’ HIPAA Enforcement Actions Stress the Critical Importance for Asset-Based Risk Analysis of All Systems with ePHI