Accorian Risk Assessment is a service that helps organizations identify, analyze, and prioritize security risks across people, processes, and technology. The service evaluates the effectiveness of existing policies and controls to help security leaders understand their security posture. The service offers multiple types of risk assessments including Enterprise Risk Assessment for organization-wide risks, HIPAA Risk Assessment for healthcare compliance, NIST 800-30 Risk Assessment following NIST framework guidelines, Questionnaire-Based Risk Assessment using pre-designed questions, and Vendor Risk Assessment for evaluating third-party risks. Accorian uses a methodology that includes three main phases: Scope definition ranging from organization-wide to specific systems, Identification of potential threats and vulnerabilities with impact analysis, and Treatment through acceptance, mitigation, or avoidance strategies. The service leverages the GoRICO platform for vendor risk management, helping organizations identify vendors, categorize criticality, and assess associated risks. Assessments are designed to support compliance with standards including HITRUST, ISO 27001, SOC 2, HIPAA, and PCI DSS. The service provides analysis comparing an organization's information security program against the NIST Cyber Security Framework, considering factors such as relevant legislation, cost-benefit analysis of controls, institutional objectives, operational requirements, and anticipated costs of security failures.