Assessments are typically the starting point for any major initiative. Different assessments are meant for different situations, depending on WHY you are getting one. WHEN to use each kind of assessment is commonly misunderstood, and assessments are sometimes misused. At the end of the day, blindly jumping into a big cybersecurity initiative like compliance or framework adoption without proper assessments can waste a lot of time and money. We recommend you use assessments properly to make accurate and smart decisions.

Risk Assessments


  • Gauge how much risk you currently have
  • Prioritize initiatives across the entire company
  • PCI Compliance (Required Annually)
  • HIPAA/HITECH Compliance (Required on a regular basis)
  • SOC2 Compliance (Required for each Section or TSP)
  • ISO 27000 Framework
  • NIST Framework

Risk assessments provide a way to identify, analyze, and prioritize which risks should be addressed to avoid damage to your organization. This is done by multiplying the impact of a risk by its likelihood. Whether your goal is security, compliance or general knowledge, a risk assessment is one of the smartest ways of ensuring you have a thorough understanding of how to prioritize your initiatives and why.

Gap Analysis

A gap analysis sheds light on exactly what is needed to meet your goals. This is ultimately what allows you to properly budget your upgrades and saves you from making a hugely misplaced investment in a solution that doesn’t end up checking enough boxes or supplying enough value for the price. A gap analysis is best performed after a risk assessment.


  • Gauge how much it will take to reach your goals
  • Gain understanding of what you can afford to do and when
  • Identify and quantify what you need to achieve compliance or implement a framework

Vulnerability Assessment


  • Discover what your existing vulnerabilities are
  • A requirement of all compliance regulations and frameworks
  • Should be a significant portion of a risk assessment
  • Helps prioritize security initiatives

Vulnerability assessments do what their name implies: they show you where you have vulnerabilities and tie those vulnerabilities to risk. This is why a vulnerability assessment is a crucial and significant piece of a good risk assessment. From unpatched systems and applications to misconfigurations, these assessments are crucial to preventing easily avoidable catastrophes.