Greetings!
Please let me know if you have anyone on this.
Job Title: HIPAA audit and assessment experience.
Location: Rockville, MD.
Duration: 2 months.
Job Duties/Responsibilities:
Scope of Work:
Enable the County’s ERP Systems and MC311 CRM System to become compliant with
security and privacy regulations, the Maryland Public Information Act and
contractual obligations:
1. Using NIST guidelines as interpreted by the County’s Security
Policy and the Security Architect or his designate, develop System Security
Plans (SSPs) and Risk Assessment Reports for the ERP Systems and for the
MC311 CRM systems that would conform to the County's Security Program and
use supplied templates. The SSPs will be a baseline that includes, but is not
limited to, the following components:
i. System Description and Scope
ii. Roles and Responsibilities
iii. Rules of Behavior
iv. Policies and Procedures
v. Security Controls Description
vi. Interconnect documents describing out of scope systems
The Risk Assessment Reports would include the following:
i. Gap Analysis
ii. Resultant Risks
iii. Mitigation Recommendations
(The contractor's involvement will be limited to providing pertinent
information based on their assessment of the current status with
recommendations on responsibilities and controls. The contractor will not be
required to provide Certification and Accreditation (C&A) services.)
2. Using previous experience and best practice, provide a SOX
assessment of this financial system (not the MC311 CRM system).
3. Using previous experience and best practice, provide a HIPAA
security and privacy rule assessment of this system (not the MC311 CRM
system).
4. All interviews will be conducted with a member of the DTS Security
Team present.
5. The County will provide the contractor the facilities necessary to
conduct interviews with supporting documents relevant to the interviews.
6. All data discovered and documented by these processes will be
treated as “confidential” for internal County use only.
Montgomery County Government reserves the right to review and make
final decisions as it pertains to staff and their replacement.
Deliverables:
• Monthly Status Reports detailing:
a. Current Status/Findings to date
b. Potential Risks/Stop Gaps
c. Remediation Recommendations
• A System Security Plan for the ERP system. The SSP must include the
components as listed above in the task section.
• A System Security Plan for the MC311 CRM system. The SSP must include the
components as listed above in the task section.
• A written SOX assessment for the ERP system.
• A written HIPAA assessment for both the privacy and security rules for
the ERP system.
Thanks/Regards,
Rahul,
IT-SCIENT LLC || Fremont, CA|| Phone: 510-972-5224|| Fax: 877.701.4872 ||
Email: [email protected] || www.itscient.com ||