Compliance Assist Partner Program (CAPP)

The Compliance Assist Partner Program (CAPP) is our flagship service that provides healthcare organizations with a trusted privacy, security, and compliance partner that helps achieve business goals. A CAPP engagement includes consulting services to assist in maintaining a proactive risk management program by performing standards-based periodic assessments, setting and achieving compliance goals, conducting periodic audits of key controls, and providing ongoing compliance, privacy, and security advisory support.

Comprehensive Risk Assessment

Information Security Program Assessment

Technical Security Assessment


Ongoing Advisory

Periodic Executive

Our Experts are Waiting!

Contact us to learn more about our CAPP service and how we can help your organization.

Standard CAPP Engagement Components

Our CAPP offering includes an annual risk assessment of your cybersecurity program reviewing both the program and technical components, against your various compliance requirements, your overall program maturity and evaluation against industry best practices. This comprehensive assessment leverages the NIST Cybersecurity Framework, HIPAA, ISO or other standards based on industry or client requirements and is conducted by certified experts that are full time employees of CynergisTek. We have decades of experience in assessing and maturing security programs across the healthcare space. Our assessment is comprehensive and provides a true baseline and a peer comparison to help with any budgets, projects, or executive presentations that you need to make.

CynergisTek will evaluate your organization’s information security program as a whole to measure compliance status for each element of the selected compliance framework thorough review of information security policies and procedures, interviews with key stakeholders, and by conducting physical walkthroughs.  The output of this effort is a comprehensive report of findings that clearly classifies various program elements for compliance, and your organization’s maturity using the COBIT maturity model for each element. In addition, for our healthcare provider organizations, CynergisTek’s Meaningful Use EHR Technical Security Controls Assessment, in conjunction with the annual Risk Assessment, will provide you with a deliverable you can use for your attestation process.

CynergisTek will monitor the effectiveness of your technical controls and current vulnerability management program of your organization through quarterly and semi-annual technical testing, allowing us to effectively identify your critical vulnerabilities. As part of the CAPP, we will provide trending data along with reports that show your areas of improvement and progress throughout the term of the engagement. This will help hold your IT team accountable, but also show continued improvement towards a better security environment.  Components of the Technical Security Assessment include:

  • Architecture Assessment
  • External Vulnerability Assessment (quarterly)
  • Internal Vulnerability Assessment (bi-annually)
  • Wireless Security Assessment

The output of this effort includes a comprehensive Report of Findings along with the raw vulnerability testing reports at the end of each testing cycle that provide a summary of findings and details that may serve as a guide to remediation of individual vulnerabilities.

CynergisTek’s philosophy is that risk management and risk analysis are continuous requirements of an effective information security program operating in a dynamic threat environment. Therefore, as part of the CAPP, CynergisTek facilitates an interactive Risk Analysis working session with key stakeholders to introduce the organization to the steps required to develop a concise risk profile. Our process is comprehensive, traditionally broken into nine steps that correspond and are consistent with the NIST SP 800-30 methodology and the Office for Civil Rights HIPAA Guidance of July 2010, or other standards as required by the client.

The output is a Risk Analysis Workbook and Risk Profile Plan that encompasses an enterprise-level evaluation of reasonable risks to the confidentiality, integrity, and availability of systems.

CynergisTek consultants and executives are industry veterans that are dedicated to providing the necessary resources and experience to your organization, which enables you to accelerate the implementation of your security, privacy, and compliance programs. Exclusive to our CAPP customers only, CynergisTek’s extensive pool of privacy, compliance and security experts can provide guidance as requested when you have questions regarding the development or remediation of your program.  Your organization will have access to the entire CynergisTek staff, whether the request is a complex technical question or a higher-level program management discussion. In addition, our subject matter experts continuously keep your organization up to date on guidance related to new threats, regulations or other industry news through our CAPP Notices.

CynergisTek’s senior leadership is made of up industry executives who hold many relevant credentials and are recognized across the industry. In addition to sharing our knowledge with your organization on a continuous basis, our executives meet with you periodically to ensure you are leveraging all of the CAPP services available and we are providing the best service possible as we pursue a true partnership in supporting your remediation and program building efforts. New collaboration or service ideas often result from these meetings which support both of our organizations as we tackle new challenges in this ever-changing industry.

CAPP Community

Optional Add-On Services

What Our Clients Say

Having a partner that is actively monitoring our systems, trends, local and global threats not only saves the Virtua IT Security team time, but provides us with the ability to proactively look at potential threats to plan accordingly. The partnership with CynergisTek has allowed us to focus on compliance, developing risk programs, policy and procedures leading to a culture focused on making us more secure.

Tom Gordon, CIO, Virtua

CynergisTek’s in-depth industry expertise and proven track record of providing thorough and actionable assessments made it the clear choice to partner with on our privacy and security initiatives. With its unmatched knowledge of the current threat and regulatory landscape, we look to CynergisTek to provide the unique capability that will help us identify and address any potential vulnerabilities quickly and effectively, which is critical in today’s environment.

Patricia Tooley, Vice President, Privacy and Security, Memorial Hermann

Related Resources