The vendor is required to provide information security management system (ISMS) towards obtaining iso 27001 certification.
• A design suitable to support the ISMS for a complex enterprise-scale healthcare environment.
• Multi-factor authentication and role-based accounts, including support for an “auditor” read only account.
• ISMS document versioning, review, and approval.
o Migration of existing data, including versioning/review/approval history, is performed.
• Support for integration with SharePoint and OneDrive.
• Workflow capabilities for ISMS tasks (such as annual review of mandatory documents, internal audits, management reviews, etc.) including task owners, auto-routing of approvals, and activity tracking.
• Automation of ISMS risk assessment, including built-in asset, risk, threat, and mitigation catalogs including mapping of mitigations to annex a control.
o Support for risks and threats specific to healthcare should be detailed.
• Automation for the creation and annual review of the statement of applicability.
• Automation of compliance and internal audit, with reporting that includes historical and trend information.
• Automation of performance measurement and generation of KPIs and executive dashboards, including trending over time.
• Support for security in supply chain management.
• Integration with, or reporting suitable for use as an input by, corporate enterprise risk management (ERM) systems.
• Reporting suitable to use as an input by enterprise internal audit.
• Support for reducing effort by external auditors (including certification auditors).
- Questions/Inquires Deadline: June 05, 2025