Information Security Risk Assessment

Simplified HIPAA Compliance

Meet your requirements & improve your security position.

Save staff time and know your next Security Risk Assessment is done correctly.

Let our analysts walk you through every step. Confidently attest that your organization is HIPAA compliant.

Security Risk Analysis

A security risk analysis can be a daunting task. Meaningful use and HIPAA require you to conduct a Risk Analysis per CFR 164.308(a)(1)(ii)(A). But if not conducted by an information security professional, your organization can still be exposed to threats against your patients’ information. And how do you know what to do after the assessment? NorthStar uses an unbiased, quantifiable assessment process built on the NIST framework that can be easily repeated year after year. We can help with any remediation efforts including policy and procedure creation, employee training, and more.

Help protect all your information, not just ePHI.
Test current information security measures.
Establish a risk management plan that is easy to understand from the board room to the tech room.
Build proof of compliance. HIPAA, FFIEC, PCI, GLBA, GDPR and more.

All Assessments are conducted by NorthStar Technology Group staff members who hold at least one of the following certifications: 

Security Risk Assessment Pricing

Basic Security Risk Assessment

Starting at:


Designed for organizations that are in the early stages of forming a security plan. This assessment qualifies for HIPAA and meaningful use under CFR 164.308(a)(1)(ii)(A). Say goodbye to doing it alone!

  • Administrative Controls
  • Physical Controls
  • Technical Controls
  • External Vulnerability Scan
  • Internal Vulnerability Scan

IT Systems Vulnerability Assessment

Starting at:


For organizations that have implemented security controls on information systems. Choose this assessment if you have an information security plan and wish to test some or all of the security controls you have in place.

  • Basic Assessment PLUS
  • PenTesting
  • Application/Mobile App Scan
  • Social Engineering

Info Security Program Assessment

Starting at:


Audit your information security program from the ground up. We will use your framework or compliance requirements to conduct a gap analysis of Administrative, Physical and Technical Safeguards.

  • Info Systems Assessment PLUS
  • Audit of current information security program against desired framework or compliance requirements.

How can a security risk assessment improve our bottom line?

Ransomware, malware, or a breach can cost tens of thousands of dollars and weeks of staff time for data recovery and reproduction. Not to mention fines if your firm is found in violation of any regulatory requirements. A third-party assessment proves you are taking responsible steps towards information security.

How long does a risk assessment take?

The basic assessment can be completed in 2 weeks while a security program assessment can take up to 8 weeks.

What are the end deliverables?

All assessments include: Risk Score, Risk Action Plan, Full Security Risk Assessment Report, Executive Summary with recommendations and all supporting documents and findings. NorthStar Technology Group can also help with your remediation efforts.

Other Assessment Options:

Network Vulnerability Tests

Penetration Testing

Social Engineering

Computer Access Test

Security Control Assessment

 And Much More…

Ongoing Security & HIPAA Compliance Services

Security and HIPAA compliance don’t stop at the assessment. We can help you along the way. Risk management planning, policy and procedure creation and more.


Conducted by certified information security professionals on an annual basis. Meet your compliance needs and gain visibility into your risk before it’s too late.

Risk Management Plan

We develop a risk management plan with clear goals, timeframes, and required resources. Easy to understand across all departments, from the boardroom to the breakroom.

Vulnerability Scans

Each quarter we will rerun our vulnerability scans to make sure critical vulnerabilities were remediated and to identify anything new.


After 12-24 months of guided risk remediation/mitigation, we will conduct another risk assessment to show progress and provide proof of contract or regulatory requirements.

Let Us Determine the Right Risk Assessment For You

Get a Security Risk Assessment Quote Today

Vendor Risk Management

VENDEFENSE is a best-in-class vendor risk management platform that is simplified, standardized, and entirely defensible when used to manage your third-party information security risk management program.

VENDEFENSE allows you to:

Eliminate spreadsheets
Automate your vendor risk management program
Ease the burden on your company and its employees
Spend Less Than 7 Minutes Per Vendor, Per Year!

Employee Awareness Training

Email Phishing

Employees are a weak link in the chain of information security. Any employee could compromise your network by clicking a link in a phishing email.

Social Hacking

Sometimes it is “innocent” information disclosed on Facebook, Twitter or LinkedIn that can compromise your company’s security.

Acceptable Use

Some websites and toolbars are filled with malware that can infect the entire network with CryptoLocker. Educate employees on proper use of the internet at work and on public Wi-Fi.

Educating your workforce helps curb potentially hazardous behavior that could result in a security breach. Test, train, and report with our easy-to-use learning management system.


Top 8 Security Risk Assessment Findings

We conduct dozens of security risk assessments for clients each year. It’s not surprising that we see a common pattern of issues among many of the organizations.  Below is a description of these issues and what you can do to manage the risk associated with...

How to Build an Information Security Program

Executives and board members are slowly but surely starting to realize that information security efforts need to become a priority.  Current efforts to protect information are now subject to more scrutiny by their customers, insurance companies and the government....

Free FISASCORE estimate

FISASCORE is a comprehensive, risk-based measurement of information security assigned to your company based on a proven and thorough assessment process. Once completed, FISASCORE will identify critical vulnerabilities, control gaps/deficiencies, and applicable threats...