Detroit Wayne Integrated Health Network

The buyer seeks proposals for conducting a comprehensive SOC 2 Type 2 audit incorporating the NIST Cybersecurity Framework. The audit will assess compliance with Trust Services Criteria, HIPAA rules, HITRUST requirements, and SOC for Cybersecurity standards. The scope includes planning, readiness assessment, control testing, reporting, and post-audit support. The buyer serves individuals with mental illness, emotional disturbance, autism, intellectual/developmental disabilities, and substance use disorders in Detroit and Wayne County.

• 1/21/2025 - Pre-Proposal Virtual Conference
• 1/23/2025 - Pre-Proposal Question Deadline
• 1/31/2025 - Proposal Due Date

• Five years experience conducting SOC 2 Type 2 audits
• Expertise in NIST CSF, HIPAA compliance, HITRUST controls, and SOC for Cybersecurity
• Team member must be a Certified Public Accountant
• Team members must have relevant professional certifications like CISA, CISSP, CHP, CCSFP, or CIPP/US

• Conduct SOC 2 Type 2 audit incorporating NIST Cybersecurity Framework
• Assess compliance with Trust Services Criteria, HIPAA rules, and HITRUST requirements
• Perform readiness assessment and gap analysis using NIST CSF framework
• Review policies, procedures, and supporting documentation for information security
• Test and validate controls aligned with NIST CSF and related compliance frameworks
• Prepare comprehensive reports including SOC 2 Type 2, HIPAA/HITRUST compliance, and cybersecurity
• Provide post-audit support and remediation recommendations
• Conduct workshops to align future compliance efforts
• Offer guidance on implementing continuous monitoring and improvement plans