Policies, Agreements, Terms & Conditions
MedStack Technology Compliance Policies
Secure areas
Delegate the physical security of all operational systems, facilies, and equipment to major cloud providers
| Code | Section | Title |
|---|---|---|
| ISO | A.11.1 | Secure areas |
| ISO | A.11.1.1 | Physical security perimeter |
| ISO | A.11.1.2 | Physical entry controls |
| ISO | A.11.1.3 | Securing offices, rooms and facilities |
| ISO | A.11.1.4 | Protecting against external and environmental threats |
| ISO | A.11.1.5 | Working in secure areas |
| ISO | A.11.1.6 | Delivery and loading areas |
| CHI | SR17 | Physically securing EHRi systems |
| SOC2 | CC6.4 | The entity restricts physical access to facilities and protected information assets (for example, data center facilities, back-up media storage, and other sensitive locations) to authorized personnel to meet the entity’s objectives. |
| SOC2 | CC6.4 | The entity restricts physical access to facilities and protected information assets (for example, data center facilities, back-up media storage, and other sensitive locations) to authorized personnel to meet the entity’s objectives. |
Delegate the physical management and ownership of all operational systems, facilies, and equipment to major cloud providers
- The full lifecycle of all physical assets
- Environment management
- Recovery from physical disasters
- Maintenance
| Code | Section | Title |
|---|---|---|
| ISO | A.11.2 | Equipment |
| ISO | A.11.2.1 | Equipment siting and protection |
| ISO | A.11.2.2 | Supporting utilities |
| ISO | A.11.2.3 | Cabling security |
| ISO | A.11.2.4 | Equipment maintenance |
| ISO | A.11.2.5 | Removal of assets |
| HIPAA | 164.310(a)(2)(ii) | Contingency operations |
| HIPAA | 164.310(a)(2)(iv) | Maintenance records |
| SOC2 | A1.2 | The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives. |
| SOC2 | A1.2 | The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives. |
Secure office facilities
- Require that office spaces plan, manage, and provide
- Secure windows, doors, roofs, roof access, and parking
- Reasonable locks, electronic access, and alarms
- Access controls for Employee, partner, vendors, guests and deliveries
- Protections against emergencies such as fire
| Code | Section | Title |
|---|---|---|
| HIPAA | 164.310(a)(2)(ii) | Facility security plan |
| HIPAA | 164.310(a)(2)(iii) | Access control and validation procedures |
Enforcement
- Responsible party: All managers and supervisors
- sanctions: standard
References
| Code | Section | Title |
|---|---|---|
| HIPAA | 164.310(a) | Facility access controls |
Life Support Mental Health Inc. @ 2022
All Rights Reserved