Epic Security Assessment Program

We use a comprehensive Epic Security Framework spanning Patient Safety, Administration, Application Security and Infrastructure Management to identify gaps against best practices, benchmark your organization against other organizations using Epic, and provide a roadmap for improvement with both short-term and long-term goals.

We meet with Epic application, infrastructure, networking, and security stakeholders to gain an understanding of the current state. We review Epic application security configurations, system access, and architecture.

We identify gaps and limitations of controls compared to industry best practices. We collaboratively develop an Epic Security Program Roadmap to improve maturity and manage risks to patient data and revenue systems within Epic.

Targeting Critical Epic Assets

  • Cache Database
  • Clarity Data Warehouse
  • Interconnect
  • Printers
  • BCA / Downtime PCs
  • FHIR
  • MyChart
  • MyChart Mobile
  • Medical Devices

The Epic “Honeycomb” Framework

Our Epic Security Program “Honeycomb” is a collection of process and technical controls that describe best practices in Epic security. Mike Pinch created this framework based on his experience as a hospital CISO and has vetted and used the content with many other hospital CISOs and Epic teams to solidify its contents. Each tile has objective, defined maturity criteria that allow for consistent, quantifiable scoring and measurable improvement over time.

Assessment Scoring and Heatmap

See how you scored and identify areas that need the most improvement.

Benchmark Reporting

See how your organization compares to similar healthcare systems that use Epic.

Recommendations Roadmap

SRA will group recommendations into Quick Wins, High-Value Enhancements, and Long-Term Objectives, each with a target timeframe for completion.

Does your organization want to align with NIST CSF or ISO 27K?

Learn more about how our H24 Capabilities Framework can help