Practical GRC
Practical Risk & Compliance Work – Assessments, Policies, Insights
recent posts
- Monitoring, Reporting & Continuous Improvement: Completing the GRC Cycle for a Small Canadian Clinic (OpenMRS Case Study)
- From Risk Assessment to Action: Developing Security Policies and Controls for a Small Canadian Clinic (OpenMRS Case Study)
- Risk Assessment in Action: OpenMRS Security Review for a Canadian Clinic
Category: Uncategorized
- Introduction In Post 1 I performed a NIST SP 800-30 risk assessment for a fictional single-site Canadian clinic using OpenMRS. In Post 2 I turned those risks into governance deliverables – policies, a controls library, and a 90-day roadmap. This post closes the full cycle by covering monitoring, residual risk review, basic reporting, and light…
- Introduction In my previous post, I completed a NIST SP 800-30 risk assessment for a fictional single-site Canadian clinic running the OpenMRS electronic medical record system. I identified three key risks: This post turns these risk findings into practical governance deliverables – targeted security policies, a simple controls library, a 90-day implementation roadmap, and an…
- Introduction This risk register simulates a GRC assessment for small clinics that use OpenMRS, an open-source EMR system. OpenMRS manages patient demographics, medical history, lab results, and other clinical records; in this scenario it is deployed on-premises for greater control and data sovereignty, minimizing third-party risk. This setup supports a practical cybersecurity risk evaluation. The primary objectives are protecting patient…