Advisory & Consultation
We provide subject matter expertise and advice to meet your security, risk and compliance needs. We offer consulting support through various stages of your project to help you keep KP and our members safe.
Risk Response and
We help you understand the options available to address control gaps identified by assessments or audits. Options include Operational Deviation, Treatment Exemption, Disaster Recovery Exception, Risk Acceptance, and Risk Remediation Plan.
Business Risk Consultation
We help you understand your technology risk profile and its impact on your key projects and initiatives. We also advise on leading technology risk management processes.
Risk Response and Exception Support
We help you respond to and seek exceptions, where necessary, for technology risks. Options include the following:
Operational Deviation: Allows an exception to KP Access Management policies and standards, such as generic accounts usage, interactive service account usage, non-human NUID accounts, password standard settings/SOX 12.04.03 control requirements, and local workstation elevated privileges. Learn More
Treatment Exemption: Addresses technical security non-conformance at the operational level, providing exemptions from Technical Security Standard (TSS) settings, software currency, removable media encryption, patching and monitoring agents. Learn More
Disaster Recovery Exception: Allows exceptions to IT Disaster Recovery policy, including exception to, or deferral of, disaster recovery testing and deployment. Learn More
Risk Acceptance: Allows IT solutions, applications, services, and processes to assume risks in lieu of issue remediation due to the mitigated impact on the environment or the cost of remediation. Learn More
Risk Remediation Plan (non-CAP): This risk management service allows a Risk Remediation Plan to be submitted for remediation of cyber security defects and vulnerabilities where remediation cannot be completed within the required Risk Treatment Period (RTP). Learn More
Remediation with Correction Action Plan (CAP), identified through internal and external audits and assessments, is managed by the Privacy, Security and Technology Compliance team. Visit the PSTC site to learn more or initiate an intake.
You have two ways to access this service:
Click “Learn More” for your selected service to access instructions and use cases. WSSO and account registration will be required when you are ready to initiate your request.
To request a risk advisory consultation, connect with your technology risk consultant.
Contract Review Support
We provide advice on contractual language related to privacy and security requirements. This service includes review of vendor and employer group contracts.