Question 39.

For the Designated Network, submit a copy of the executive summary of your most recent third-party security vulnerability assessment and technical audit, consistent with requirements of Section 4.2. of the SOP: QHIN Security Requirements for the Protection of TI. If the executive summary contains IP addresses or any other identifiable information that is considered confidential or of a sensitive nature, for example, a host name and the specific vulnerability associated with that host name, please redact such information.

If you do not have evidence of your most recent third-party security vulnerability assessment at the time of application, please address in the project plan required in Part VI of this application how you will fulfill this obligation prior to conformance testing.