When you need assurance that your hosting partner follows secure and compliant guidelines for everyday data protection, review their documented policies and procedures. Online Tech’s policies and procedures outline our approach to security by providing insight into company guidelines, expectations and objectives.
Following the HIPAA Security Rule’s Organizational, Policies and Procedures and Documentation Requirements (Standard 164.316(a)) for covered entities:
“Implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of this subpart, taking into account those factors specified in § 164.306(b)(2)(i), (ii), (iii), and (iv) [the Security Standards: General Rules, Flexibility of Approach].
This standard is not to be construed to permit or excuse an action that violates any other standard, implementation specification, or other requirements of this subpart.
A covered entity may change its policies and procedures at any time, provided that the changes are documented and are implemented in accordance with this subpart.”
Additionally, in accordance with PCI DSS requirement 12.6, organizations must:
Implement a formal security awareness program to make all personnel aware of the importance of cardholder data security.
Updating policies and procedures is important, especially to keep practices aligned with any environmental or operational changes that might affect the security of sensitive information. Availability is also important - these documents should be available internally and to clients under an NDA (non-disclosure agreement).
Online Tech’s policies and procedures and change management controls are documented to provide your company insight into how we manage day-to-day operations and maintain a secure environment.