This article describes how eXpress badging® identifies, assesses, manages, and tracks risks to our information systems and customer data.
This program consolidates our practices, procedures, and supporting documentation in alignment with NIST CSF 2.0 and ISO/IEC 27001 principles.
📝 A. Procedural Documents
eXpress badging® maintains documented runbooks and response plans that define:
- Who participates in risk assessment activities (Executive Leadership, IT/Security Lead, Technical Operations).
- When risk assessments occur (quarterly EOS scorecards, annual reviews, and ad-hoc reviews after major incidents or changes).
- How risks are tracked and remediated, using EOS issue-solving processes, vulnerability management tools, and support ticketing systems.
🔗 Related Articles:
- Roles and Responsibilities
- Cybersecurity Awareness Education and Training
- Vulnerability Assessments, Penetration Testing & Remediation
- Vulnerability Management & Cybersecurity Remediation Process
📜 B. Requirements Documents
The organization’s Risk Assessment & Management Program is governed by the following requirements:
- Alignment with NIST Cybersecurity Framework (CSF 2.0) categories: Governance, Identify, Protect, Detect, Respond, Recover.
- CRM Issue Ticket creation, tracking, and resolution process to manage issues that are at risk.
- EOS (Entrepreneurial Operating System) methodology for quarterly and annual planning, with Key Performance Indicators (KPIs) tracked on Scorecards.
- Mandatory background checks, security training, and access controls for all employees.
- Customer contractual requirements (e.g., HIPAA, HCA, Ascension, hospital InfoSec teams).
These requirements ensure risks are not just assessed, but actively managed through planning, execution, and ongoing monitoring.
📷 C. Risk Tracking Evidence
eXpress badging® tracks identified risks and mitigation efforts through:
- Fortra Vulnerability Management reports and periodic VAPT assessments (available under NDA).
- EOS Scorecards and Level 10 (L10) meetings where risks are logged as “Issues” and tracked to closure.
- Support ticketing system for technical vulnerabilities and remediation tasks.
- Risk register artifacts (sanitized screenshots available on request) showing:
  - Types of risks being tracked.
  - Assigned owners responsible for mitigation.
  - Review cadence (quarterly + ad hoc).
✅ Key Takeaways
- eXpress badging® operates a formal Risk Assessment & Management Program approved by leadership.
- Risks are assessed continuously, tracked systematically, and reviewed on a recurring basis.
- Customers may request redacted evidence (e.g., VAPT summary or scorecard screenshots) under NDA.
Last Updated: 08/29/2025