It consists of the use of security measures that are enough to reduce risks and maintain vulnerabilities at an acceptable level
It consists of the implementation of both software and hardware among other mechanisms, which are necessary to analyze information systems.
It consists of standard periodical technical and non-technical reviews to analyze document compliance to HIPAA security rules and the security policy of the organization