The ISO provides web vulnerability scans on WashU websites as requested and recommends scanning all websites that will contain PHI. 

The web scan may be setup for passive, active or user-directed scanning. The results of the scan are evaluated by ISO staff with knowledge of the system environment, data, and operational use. The risk of any vulnerability is weighed against this background and based on that a remediation plan is established.

Results are discussed and shared with system administrators.