The Duty of Care Risk Analysis Standard (“DoCRA” or “the Standard”) presents principles and practices for analyzing risks that addresses the interests of all parties potentially affected by those risks. It helps establish reasonable security based upon an organization's mission, objectives, and obligations.
DoCRA (or “Duty of Care Risk Analysis”) is a method for analyzing risk as regulators and judges expect it to be done. Regulations and judicial “balancing tests” expect that organizations consider the likelihood and degree of harm they may cause themselves and others, and to use safeguards that reduce those risks – as long as those safeguards are not overly burdensome.
DoCRA can be used to analyze cybersecurity risks using any variety of control standards or regulatory requirements. HALOCK uses DoCRA methods to analyze risks with ISO 27001/27002, NIST Special Publications 800-53, the HIPAA Security Rule, GDPR, 23 NYCRR Part 500, 201 CMR 17.00, the NIST Cybersecurity Framework, and even maturity model-based controls models, such as FFIEC CAT.
The DoCRA Checklist will help you assess if you meet the standard for a reasonable security strategy. Complete the form to download.

    Complete the form to download the DoCRA Checklist 

    HALOCK Security Labs

    1834 Walden Office Square | Suite 200 Schaumburg, IL 60173
    P: 8042124352

    ©HALOCK Security Labs. All Rights Reserved.

    By clicking the 'Submit' button, you are accepting HALOCK's privacy policy.

    HALOCK Newsletter Opt-In
    We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.