There are several strategies of performing risk analysis and there is no solitary approach or 'best practice' that ensures compliance with the Security Rule. Various examples of procedures that might be functional in a risk analysis process are outlined in NIST SP 800-30.6. The rest of this guidance paper explains numerous essentials a risk analysis must include, not considering of the method applied.