Frequently Asked Questions
10. How do you bill?
How did you develop the [CCOM²] platform?
Over the past decade our physician security experts have extensively mapped clinical workflows, their dependencies and how different vulnerabilities and threats can impact patient outcomes and hospital operations.
This granular detail formed the basis of a range of mathematical/statistical models (CCOM), manual consulting tools (e.g. The COFR Approach) and frameworks that we have used to advise government agencies, healthcare providers and technology suppliers about digital risks in healthcare. The tremendous impact of these models led to demand for an automated version that could be used any time, at scale and for any hospital ecosystem.
From this demand [CCOM²] was born.
Is [CCOM²] exclusively developed for healthcare?
Yes it is. We pride ourselves on having a solution built for healthcare by healthcare experts that have actually worked on the frontlines of healthcare and understand the real impact of tangible clinical and organizational risks.
What data do I already need to have to be able to use [CCOM²]?
The power of [CCOM²] is translating technical security data into clinical, organizational, financial and regulatory risk exposure metrics. If you already have a vulnerability scanner then you have all the data you need to start using the power of [CCOM²]. To get started you need:
Asset Identifiers (e.g. MAC Address, IP address)
CVE IDs associated with an asset
CVSS Scores for each CVE
Transfer/Import all this information to our 'Asset Data Input Template' and select a 'CCOM Asset Category' for each asset then you're ready to upload your data in your secure portal page online for real time analysis.
Does [CCOM²] work with all vulnerability scanners?
[CCOM²] can interpret data from any vulnerability scanner or sensor that can generate the necessary input data. We are also actively engaged with a range of major systems integrators and security suppliers to develop APIs to streamline data transmission.
Can I use [CCOM²] as a risk forecasting tool?
Definitely. The [CCOM²] platform can help all executives, from the Chief Medical Officer to the Chief Financial Officer, understand the potential severity of different types of risks (clinical, organizational, financial, regulatory) to an organization based on detected vulnerabilities.
Can I use [CCOM²] to guide my remediation plans?
Yes, [CCOM²] has a risk ranking metric called R² that can be used to organize assets and vulnerabilities for remediation in order of the total amount of risk they are contributing to an organization based on the data that has been uploaded for analysis. These rankings can be sorted under 5 different risk themes - Clinical, Organizational, Financial, Regulatory and Total Risk.
Does [CCOM²] provide guidance based on regulatory guidelines?
The regulatory scoring models have been developed based on interpretations of global best practice guidelines and regulations that are accepted globally including from ISO, NIST, IEC, the FDA, MITRE, HHS, NHS and EC.
For US healthcare providers [CCOM²] will specifically highlight vulnerabilities that could lead to PCI DSS audit failures and penalties if investigated by HIPAA under sections
How do I interpret the different headings in the results?
Download the factsheet that explains the language and presentation of [CCOM²] results.
Is [CCOM²] cloud based?
Yes but on-premise deployments are possible upon request.
How do you bill?
There are two plans available - Professional and Enterprise - which can be billed monthly or annually including support. They vary based on the number of unique assets you can regularly analyze and the number of hospitals in a health system that can use a solution. Complete this RFQ Form to receive your tailored quote.
Can I request a trial?
Yes, 7 day trials are available. To request a trial with further details please complete the RFQ Form.