Risk assessments are an integral part of any risk management program. Though
ongoing operations may reasonably identify areas of enterprise risk, the value
of a third-party risk assessment is often found in the unique perspective
afforded by external subject matter expertise. Fortrex Comprehensive Risk
Assessments (CRA) offer independent examinations of logical, operational, and
physical risk; quantifiable risk profile, and actionable recommendations for
treatment. CRAs are conducted according to ISO 27001/2 and NIST 800-53 baselines
with additional standards and regulatory mappings including but not limited to
PCI, HIPAA, GLBA, and CobiT; upon request. With the Ponemon Institute 2009
United States study of data breach costs indicating an estimated loss of $204
per compromised record, taking reasonable precautions and managing
organizational risk has never been more warranted.