JPS seeks a single vendor to provide IT Security and MSSP Performance Audit Services leveraging specialized expertise to improve JPS’s IT security posture. This engagement addresses risks associated with healthcare regulations, IT system security, and compliance with industry standards. The scope includes: • Comprehensive IT Security Posture Audit: Conduct in-depth audits of JPS’s overall IT security environment, encompassing system configurations, threat detection capabilities, data protection protocols, and incident response procedures. Evaluate the organization’s readiness against current and emerging cybersecurity threats. • MSSP Performance and Security Audit: Assess the performance and security measures of JPS’s Managed Security Service Provider, verifying adherence to service-level agreements, assessing cybersecurity effectiveness, and ensuring optimal performance of outsourced security functions. Confirm that the MSSP aligns with healthcare-specific security requirements, regulatory standards, and provides robust protection against evolving threats. Evaluate MSSP high-priority threats and response escalation procedures to ensure seamless coordination and readiness between JPS and MSSP teams. Evaluate the MSSP’s threat intelligence capabilities, assessing real-time integration into JPS’s security framework, and measure its effectiveness against healthcare-specific threats. • Healthcare Regulatory and Compliance Audit: Prioritize compliance with DOJ, HHS OIG, HIPAA, and Texas regulations. Focus on financial oversight, fraud prevention, patient data protection, and adherence to local mandates impacting healthcare providers. Include a review of specialized healthcare and IT operations relevant to both non-clinical and clinical environments. Conduct a comprehensive assessment of third-party vendor risk, focusing on their impact on JPS’s IT security posture. Review vendors compliance with healthcare security and data protection standards.
