Initiative: CRISC-Aligned IT Risk Management Program
Organization: Northshore Health Systems (NHS)
Status: Completed
Prepared By: Steve Davis Jr.
Role: IT Risk / GRC Analyst
The purpose of Project 0 is to establish the organizational context, governance assumptions, and foundational risk management parameters required to support consistent, risk-informed decision-making across subsequent IT risk management initiatives.
This project serves as the baseline reference for Projects 1–6 of the 6RISC project initiative and ensures that identified risks, control decisions, and reporting outputs are aligned with business objectives, regulatory obligations, and organizational risk appetite.
Northshore Health Systems (NHS) is a mid-size healthcare technology and services organization that provides a cloud-based care coordination and data exchange platform for hospitals, outpatient clinics, and specialty healthcare providers.
NHS processes and stores protected health information (PHI) on behalf of its customers and supports mission-critical clinical workflows that require high availability, data integrity, and regulatory compliance.