Generating the Report:
The audit report should be generated annually in September, and the report requires approval by the Sage Bionetworks Director of Governance. The report should contain data from the past two audit cycles. For example, the October 2021 audit report should contain data from the Q1/Q2 2021 audit and the Q3/Q4 2020 audit periods.
Use this audit report template to generate the report. The same audit report can be submitted to WIRB and to HITRUST. The report should be finalized by the end of September so that it can be submitted to WIRB and HITRUST in October.
Submitting the Report:
One audit report will be generated for both the WIRB and HITRUST submissions.
WIRB Submission:
The Governance Regulatory Support team will submit the audit report during the Synapse Continuing Review, which occurs annually in October. For reference, Synapse submissions to WIRB are stored here.
HITRUST Submission:
The Synapse Security Engineer will submit the audit report to HITRUST annually in October.
Storing the Report:
Store the audit report, associated data files, and Community Manager/Synapse user responses here.