Epic Security Assessment Program
Approach
We meet with Epic application, infrastructure, networking, and security stakeholders to gain an understanding of the current state. We review Epic application security configurations, system access, and architecture.
We identify gaps and limitations of controls compared to industry best practices. We collaboratively develop an Epic Security Program Roadmap to improve maturity and manage risks to patient data and revenue systems within Epic.
Targeting Critical Epic Assets
- Cache Database
- Clarity Data Warehouse
- Interconnect
- Printers
- BCA / Downtime PCs
- FHIR
- MyChart
- MyChart Mobile
- Medical Devices

The Epic “Honeycomb” Framework
Our Epic Security Program “Honeycomb” is a collection of process and technical controls that describe best practices in Epic security. Mike Pinch created this framework based on his experience as a hospital CISO and has vetted and used it with many other hospital CISOs and Epic teams to solidify its contents. Each tile has objective, defined maturity criteria, allowing for consistent and quantifiable scoring and improvement over time.
Assessment Scoring and Heatmap
See how you scored and identify areas that need the most improvement.

Benchmark Reporting
See how your organization compares to similar healthcare systems that use Epic.

Recommendations Roadmap
SRA will group recommendations into Quick Wins, High-Value Enhancements, and Long-Term Objectives, each with a target timeframe for completion.
