Headquarters Trust Center

Headquarters is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.

legal@headquarters.health

Compliance

Resources

HIPAA Document

FERPA

COPPA

Change Management Policy

Incident Response Policy

Controls

ePHI policy accessibility evidence

Remote access tool

Access restricted to modify infrastructure

Source code access restricted and changes logged

Access control procedures

Data encrypted at rest

Secure disposal of electronic media containing sensitive data (PII, ePHI, etc.)

Customer data deleted after termination

ePHI data sanitization

Database backups performed

Secure connection means utilized

External Attack Surface Vulnerability Scanning & Remediation

Web application firewalls configuration

Source code changes tested and approved

Outsourced development security requirements managed

SSL/TLS certificates for infrastructure

Anti-malware monitoring

Intrusion detection tool

Automated system capacity and performance monitoring

Monitoring tool

Business continuity & disaster recovery plans documented and tested

Security incident logging and review

Breach notification communication

Incident response and breach notification policy

Visitor sign-in, badging, and escort policy

Technology assets inventoried

Documented Vendor Management Program

Annual risk assessments performed

Vendor termination

Vendor list

Vendor onboarding

Media disposal training

Confidentiality Agreement acknowledged by employees

List of newly hired employees & contractors

List of active employees & contractors as on date

Employee handbook

Asset register maintaining

Whisteblower mechanism maintained

Multi-availability zones

Documentation available to internal and external users

Customer support channels available

Risk and Governance Executive Committee meeting minutes

Risk management program

Key management services used

Mobile device management tool configurations

Ticketing tool

Security-related roles

Internal communication for changes in roles

Subprocessors

One platform to connect | ZoomUnknown Category

AWSCloud Infrastructure & Platform Services

GitHubCode & Build Security

SlackBusiness Apps & Productivity

Headquarters Trust Center

Compliance

Links

Resources

Controls

Subprocessors