Resources
Monitoring
Continuously monitored by Secureframe
Compliance
HIPAA
Monitoring
Change Management
Segregation of Environments
Development, staging, and production environments are segregated.
Availability
Automated Backup Process
Full backups are performed and retained in accordance with the Business Continuity and Disaster Recovery Policy.
Organizational Management
Internal Control Monitoring
A continuous monitoring solution monitors internal controls used in the achievement of service commitments and system requirements.
Information Security Program Review
Management is responsible for the design, implementation, and management of the organization’s security policies and procedures. The policies and procedures are reviewed by management at least annually.
Risk Assessment
Vendor Due Diligence Review
Vendor SOC 2 reports (or equivalent) are collected and reviewed on at least an annual basis.
Access Security
Unique Access IDs
Personnel are assigned unique IDs to access sensitive systems, networks, and information
Access to Product is Restricted
Non-console access to production infrastructure is restricted to users with a unique SSH key or access key
Communications
Privacy Policy
A Privacy Policy to both external users and internal personnel. This policy details the company's privacy commitments.