Vendor Security Questionnaire

Similar documents
IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

WHITE PAPER- Managed Services Security Practices

HIPAA Security and Privacy Policies & Procedures

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Layer Security White Paper

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Policy and Procedure: SDM Guidance for HIPAA Business Associates

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

The simplified guide to. HIPAA compliance

TRACKVIA SECURITY OVERVIEW

Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)

EXHIBIT A. - HIPAA Security Assessment Template -

SECURITY PRACTICES OVERVIEW

Healthcare Privacy and Security:

Juniper Vendor Security Requirements

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Locking Down the Cloud Security is Not a Myth

The Common Controls Framework BY ADOBE

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

Section 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016

Altius IT Policy Collection Compliance and Standards Matrix

HIPAA Security Checklist

HIPAA Security Checklist

NE HIMSS Vendor Risk. October 9, 2015 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS

Payment Card Industry (PCI) Data Security Standard

Total Security Management PCI DSS Compliance Guide

Daxko s PCI DSS Responsibilities

Altius IT Policy Collection Compliance and Standards Matrix

Security Rule for IT Staffs. J. T. Ash University of Hawaii System HIPAA Compliance Officer

Physician Office Name Ambulatory EHR Security Risk Analysis

SoftLayer Security and Compliance:

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

Cyber security tips and self-assessment for business

Twilio cloud communications SECURITY

01.0 Policy Responsibilities and Oversight

HIPAA COMPLIANCE FOR VOYANCE

Keys to a more secure data environment

Security Audit What Why

HIPAA Federal Security Rule H I P A A

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.

ADIENT VENDOR SECURITY STANDARD

AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

HIPAA Compliance Checklist

HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED

Checklist: Credit Union Information Security and Privacy Policies

Putting It All Together:

Data Security and Privacy Principles IBM Cloud Services

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

Achieving PCI Compliance: Long and Short Term Strategies

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

SECURITY. The changing Face and Focus. UPDATED - May Sr. Advisor/Partner at PostMark 21 years in corporate IT P&G and RJ Reynolds

CTS performs nightly backups of the Church360 production databases and retains these backups for one month.

Sample Security Risk Analysis ASP Meaningful Use Core Set Measure 15

Security Policies and Procedures Principles and Practices

Going Paperless & Remote File Sharing

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

Cisco Meraki Privacy and Security Practices. List of Technical and Organizational Measures

Security Information & Policies

These rules are subject to change periodically, so it s good to check back once in a while to make sure you re still compliant.

Security Architecture

Recommendations for Implementing an Information Security Framework for Life Science Organizations

HIPAA SECURITY RISK ASSESSMENT

HIPAA Assessment. Prepared For: ABC Medical Center Prepared By: Compliance Department

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

What s New with HIPAA? Policy and Enforcement Update

Cloud & Managed Server Hosting for Healthcare Professionals

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

Integrated Cloud Environment Security White Paper

ISE North America Leadership Summit and Awards

Support for the HIPAA Security Rule

Applying ISO and NIST to Address Compliance Mandates The Four Laws of Information Security

No Country for Old Security Compliance in the Cloud. Joel Sloss, CDSA Board of Directors May 2017

HIPAA RISK ADVISOR SAMPLE REPORT

Introduction to AWS GoldBase

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

HIPAA 101: What All Doctors NEED To Know

Administration and Data Retention. Best Practices for Systems Management

Google Cloud Platform: Customer Responsibility Matrix. December 2018

Subject: University Information Technology Resource Security Policy: OUTDATED

Update on HIPAA Administration and Enforcement. Marissa Gordon-Nguyen, JD, MPH October 7, 2016

U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC)

Projectplace: A Secure Project Collaboration Solution

Google Cloud Platform: Customer Responsibility Matrix. April 2017

Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m.

efolder White Paper: HIPAA Compliance

How To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation

WHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty

Information Technology Update

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

HIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics

Watson Developer Cloud Security Overview

PCI Time-Based Requirements as a Starting Point for Business-As-Usual Process Monitoring

ISO27001 Preparing your business with Snare

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

Cybersecurity. Overview. Define Cyber Security Importance of Cyber Security 2017 Cyber Trends Top 10 Cyber Security Controls

Transcription:

Business Associate Vendor Name Vendor URL Vendor Contact Address Vendor Contact Email Address Vendor Contact Phone Number What type of Service do You Provide Covenant Health? How is Protected Health Information (PHI): Used Accessed Stored Has a Network Penetration Test be Done on Website (applicable if using a web-based product) Has a Application Penetration Test be Done on Website (applicable if using a web-based product) Administrative Safeguards Do you keep an inventory of where Protected Health Information (PHI) is: Used Disclosed Stored Transmitted When was the last Security Risk Analysis Conducted? When was the last Compliance Assessment Evaluation Conducted?

Is ephi Stored or Accessed on Portable Media? If YES Describe your Security Measures? (Attach Policy) What was the Date of Your Last Full Backup? Describe the Process or Attach the Policy and/or Form to Grant Workforce Members Access. Describe or Attach all Security Testing that has been Performed over the Past Year. Have you been Audited against any of the following Guidelines or are you Currently certified against any of the following standards? NIST, HIPAA, PCI DSS, ISO 27001, ISO 27002, SSAE16 SOC1 or SOC2, ISAE3402, CSA Cloud Controls Matrix, or other equivalent standard? Are you able to share with us a current report of the audit results? Physical Safeguards Describe your Measures to Destroy Items Containing PHI (Media, Paper, Hard Drives). Is there a Disaster Recovery Program and Back-up Process? Where is (are) your data center(s) located? Describe the physical security, disaster recovery, back up/redundancy, and prevention features of your data center. Who (including data center staff, other employees and vendors) has physical access to the host servers?

Network Security Are industry-standard firewalls deployed? Where are they deployed? Is the software and firmware on the firewall at a supportable level? Is administrative access to firewalls and other perimeter devices allowed only through secure methods? Does your company use an intrusion prevention system OPS? Does your company use intrusion detection systems (IDSs)? How long are IDS logs kept? Are formal incident-response procedures in place? How are operating systems kept up to date? Are they tested regularly? How does your company keep abreast of software vulnerabilities? What Is the procedure for installing software updates? Are file permissions set on a need-to-access basis? Are ongoing vulnerability assessments performed against the systems?

System Security Are ongoing vulnerability assessments performed against the systems? Are audit logs implemented on all systems that store or process critical information? How often are these logs reviewed? Staff Security Has the staff undergone complete background and criminal checks? What are the on call processes for security staff? Are screen-blanking mechanisms deployed on all employee workstations? Do sessions automatically time out after an idle period? Describe the user account and password policy. Security Breach Response Describe your security breach response policies. Have you experienced any security breaches in the past 36 months? Describe your anti-virus strategy including the products you use.

Disaster Recovery/Back Up Describe your disaster recovery/back up policy. How often is your disaster recovery plan updated? Has your disaster recovery plan been tested? Privacy/Confidentiality of Data How does your company protect the privacy of any information that may be collected and maintained through the software? Are your data centers SSAE16 audited and/or is your operating environment ISO 27001/27002 compliant? How is data integrity ensured? What checks are carried out on people who might have access to the data? Transition Services What happens to our data if we decide to terminate the license/subscription with your company?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback