Patronus Security will provide a highly qualified and experienced Chief Information Security Officer to create, build, manage and lead your information security program.

All healthcare organizations and their business associates are required by the HIPAA regulations to have a named Chief Information Security Officer (or CISO). CISO as a Service provides an experienced, highly qualified individual to serve as the full or part-time CISO for healthcare organizations. Patronus’s expert CISOs know how to assess, create and manage a healthcare organization’s information security program effectively and efficiently.

The Fractional CISO service of Patronus Security exists to enable small to large organizations that cannot afford a qualified full-time HIPAA Information Security Officer to outsource the role to a highly qualified individual on a part-time basis.

The service includes:


  • Outsourced fractional CISO – A highly-qualified individual to act as the named security officer of the entity consistent with the HIPAA Security Rule requirement.

  • Compliance Coordinator – A qualified security compliance coordinator to assist in the implementation and ongoing management and documentation of policies, procedures and controls.

  • Risk Analysis – Conducting of the organization’s annual risk analysis.

  • Security Management Plan – Management, oversight and implementation of the organization’s security management plan.

  • Incident Response and Reporting Management – Oversight, management and logging of security incidents including reporting determination and breach assessment.

  • Governance Regulatory and Compliance Software – Licensing of compliance software, available to key personnel, to manage and document ongoing compliance efforts.

  • Training – Learning Management System and Training Content

  • Vulnerability Management – Ongoing technical assessments such as periodic vulnerability scans. 

  • Committees – Inclusion on and leadership of HIPAA Compliance committees.

  • The CISO is onsite during the Onboarding period (consistent with the fraction purchased) to oversee adoption of new policies, controls, etc.

Onboarding process:


  • A complete review of the HIPAA Security policies currently in place.

  • Creation of a policy map and security controls gap analysis identifying needed policies and controls.

  • Oversight of the development and adoption of new policies and procedures needed to comply with the regulations.

  • Oversight and implementation of needed administrative, physical and technical controls consistent with ensuring the confidentiality, integrity and availability of the organization’s ePHI.


CISO as a service can be purchased in ¼ increments. Contact us today for a proposal and to learn more.