The free ONC/HHS Security Risk Assessment Tool is the credible baseline — but it only runs on Windows (or as an Excel workbook), it's single-user, and it stops at the SRA. Ward keeps the rigor, runs anywhere, and adds the 2026 readiness report.
Ward deliberately mirrors the ONC SRA Tool's 7 sections, ~120 rubric-scored questions, threat/vulnerability catalog, and likelihood × impact rating, so it's familiar and audit-credible. Then it closes the gaps clinics complain about.
| Capability | ONC/HHS SRA Tool | Ward |
|---|---|---|
| Price | Free | Free (local tier) |
| Runs on Mac & Linux | No (Windows / Excel only) | Yes — browser + Mac/Win/Linux desktop |
| 7 sections, rubric-scored questions | Yes | Yes — same structure & 45 CFR citations |
| Threat/vulnerability catalog | Yes | Yes — extended with 2026-era threats |
| Likelihood × impact rating | Yes (Low/Mod/High) | Yes — identical NIST-aligned math |
| Plain-English guidance per question | Limited | Yes — written for a non-technical Security Officer |
| PHI stays on your machine | Yes | Yes — local-first by default |
| 2026 Security Rule readiness report | No | Yes — one-click, live meter |
| Vendor / BAA tracking | Vendor list only | Yes — BAA status + 2026 verification |
| Import an in-progress ONC file | n/a | On the roadmap (migration importer) |
| Multi-user / MSP multi-client | No | Yes (cloud tiers) |
Why this matters: the ONC tool's biggest real-world complaints are "it won't run on our Macs," "only one person can use it," and "it doesn't tell me about 2026." Ward fixes all three without giving up the local-first PHI model that makes the gov tool trustworthy.
Run a complete HIPAA Security Risk Assessment on any machine — free, local-first, with a built-in 2026 readiness report.
Start your free SRA