Feature · Security Risk Assessment

Not a blank form. A guided assessment built on the IPC's own chapter 4 controls.

The IPC handbook chapter 4 requires a documented Security Risk Assessment — not a vague annual checkup, but a structured evaluation of your administrative, physical, and technical safeguards. CSM guides you through it and produces a sealed SRA report.

What the IPC chapter 4 requires

An SRA is not optional. It is chapter 4 of the IPC's own handbook.

The IPC May 2025 accountability handbook dedicates an entire chapter to security risk assessment. Chapter 4 specifies what must be evaluated, how it must be documented, and how the findings must feed into remediation planning.

Most clinics that have "done an SRA" have completed a generic questionnaire that doesn't map to the IPC's own controls. CSM's guided SRA is built on chapter 4 — every question traces back to a specific control.

SRA assessment areas (IPC chapter 4)
Administrative safeguards — policies, training, accountability designation
Physical safeguards — facility access, workstation controls, device disposal
Technical safeguards — access controls, audit controls, transmission security
Organizational requirements — BAAs, vendor risk, contract provisions
Policies and procedures — documentation, change management, training requirements
Guided assessment capabilities

Structured guidance. Not a blank canvas.

IPC chapter 4 question framework
Every question in the SRA builder is mapped to a specific IPC chapter 4 control. Your answers produce documentation that is directly defensible against the IPC's own standard.
Auto-populated from existing data
CSM pre-fills SRA questions based on data already in your governance workspace — vendor list, training log, policy versions. No re-entering what you've already documented.
Gap identification and scoring
At the end of the assessment, CSM identifies gaps against the IPC chapter 4 controls and produces a scored risk summary — showing what's covered, what's partial, and what's missing.
Sealed SRA report
The completed assessment is sealed and signed as a governance record. The report is formatted for an IPC submission, insurer questionnaire, or evidence package.
Annual reassessment scheduling
SRAs must be conducted annually, or when significant changes occur. CSM schedules the next assessment date and triggers a review when a qualifying change event is logged.
Remediation tracking
Findings from the SRA are tracked as open items in the governance dashboard. Remediation progress is documented and linked back to the original finding.
Who uses this feature
Security Risk Assessment

Complete your SRA the way the IPC expects it to be done.

See the guided SRA builder and get your accountability benchmark to understand your current posture.