Policies, Agreements, Terms & Conditions
MedStack Technology Compliance Policies
Secure areas
Delegate the physical security of all operational systems, facilities, and equipment to major cloud providers
Code | Section | Title |
---|---|---|
ISO | A.11.1 | Secure areas |
ISO | A.11.1.1 | Physical security perimeter |
ISO | A.11.1.2 | Physical entry controls |
ISO | A.11.1.3 | Securing offices, rooms and facilities |
ISO | A.11.1.4 | Protecting against external and environmental threats |
ISO | A.11.1.5 | Working in secure areas |
ISO | A.11.1.6 | Delivery and loading areas |
CHI | SR17 | Physically securing EHRi systems |
SOC2 | CC6.4 | The entity restricts physical access to facilities and protected information assets (for example, data center facilities, back-up media storage, and other sensitive locations) to authorized personnel to meet the entity’s objectives. |
Delegate the physical management and ownership of all operational systems, facilities, and equipment to major cloud providers
- The full lifecycle of all physical assets
- Environment management
- Recovery from physical disasters
- Maintenance
Code | Section | Title |
---|---|---|
ISO | A.11.2 | Equipment |
ISO | A.11.2.1 | Equipment siting and protection |
ISO | A.11.2.2 | Supporting utilities |
ISO | A.11.2.3 | Cabling security |
ISO | A.11.2.4 | Equipment maintenance |
ISO | A.11.2.5 | Removal of assets |
HIPAA | 164.310(a)(2)(ii) | Contingency operations |
HIPAA | 164.310(a)(2)(iv) | Maintenance records |
SOC2 | A1.2 | The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives. |
Secure office facilities
- Require that office spaces plan, manage, and provide:
  - Secure windows, doors, roofs, roof access, and parking
  - Reasonable locks, electronic access, and alarms
  - Access controls for employees, partners, vendors, guests, and deliveries
  - Protections against emergencies such as fire
Code | Section | Title |
---|---|---|
HIPAA | 164.310(a)(2)(ii) | Facility security plan |
HIPAA | 164.310(a)(2)(iii) | Access control and validation procedures |
Enforcement
- Responsible party: All managers and supervisors
- Sanctions: standard
References
Code | Section | Title |
---|---|---|
HIPAA | 164.310(a) | Facility access controls |
Life Support Mental Health Inc. @ 2023
All Rights Reserved