MedStack Technology Compliance Policies

Asset management

Maintain an asset inventory

  • Automatically identify all assets
    • Use automated tools to detect assets and to maintain and update the asset inventory.
    • Link each asset to an internal or customer owner and responsible party.
ISOA.8.1.1Inventory of assets
SOC2CC6.1The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity’s objectives.

Use company-owned assets

  • The company must own all production systems and employee workstations.
ISOA.8.1.2Ownership of assets

Acceptable Use for employees

  • Assets may only be used as defined in these policies.
  • Access PHI only in aggregate form as needed to fulfill work duties.
  • Do not read individual PHI records.
ISOA.8.1.3Acceptable use of assets

Return organizational assets upon

  • termination of employee
  • change of role, where employee no longer requires assets
ISOA.8.1.4Return of assets

Manage the installation of software

  • Production systems
    • Install software programmatically and manage what software is installed in source control.
  • Workstations and mobile devices
    • Install software only from trusted sources.
ISOA.12.6.2Restrictions on software installation
SOC2CC6.8The entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity’s objectives.


  • Responsible party: All managers and supervisors
  • sanctions: standard


ISOA.8.1Responsibility for assets
CHISR8Responsibility for information assets

Mental Health Check

Life Support Mental Health Inc. @ 2024

All Rights Reserved

Mental Health Check | Life Support Mental Health Inc. © 2024 | All Rights Reserved