v17.12.2024 |
Phillip Odam |
compliance_policy.md edited online with Bitbucket |
v17.12.2024 |
Phillip Odam |
platform_overview.md edited online with Bitbucket |
v17.12.2024 |
Phillip Odam |
disaster_recovery_policy.md edited online with Bitbucket |
v17.12.2024 |
Phillip Odam |
data_management_policy.md edited online with Bitbucket |
v17.12.2024 |
Phillip Odam |
auditing_policy.md edited online with Bitbucket |
v17.12.2024 |
Phillip Odam |
auditing_policy.md edited online with Bitbucket |
v22.10.2024 |
Kevin Puscas |
auditing_policy: revised to specify use of AWS Service event and audit trails and specify capturing audit information at each step of multi-step transactions configuration_management_policy: Revise to better explain the shared security model between RH, CD and AWS. data_integrity policy: specify MacOS malware prevention features. Specify that all production data is version controlled data_management_policy: specify that all data stored in AWS S3 is encrypted in rest and transit. Revise to specify that requirements for limited dataset and deidentification of data. disaster_recovery: Added Zach Hill as Operations Manager in Line of Succession. Added Scenario 3 concerning Security Incident/Malware detected. employees_policy: specify that all employee workstations are Apple products. high_availability_policy: Specified use of multi-az serverless components as part of the HA strategy. platform_overview: revised to discuss the shared security model between RH, CD and AWS. policy_management_policy: revise to remove references to DropBox system_access_policy: revised description of how RBAC is implemented via AWS IAM. Added use of OAuth2.0 for Unique user identification. Added policy for passwords in AWS console and RosettaHealth portals. |
v29.08.2024 |
Kevin Puscas |
testing adding toc to pdf |
v04.06.2024 |
Kevin Puscas |
added information about hashing sensitive data. |
v04.06.2024 |
Kevin Puscas |
added policy for passwords in the admin portal |
v02.01.2024 |
Phillip Odam |
Typo |
v02.01.2024 |
Phillip Odam |
Removed whitespace |
v02.01.2024 |
Phillip Odam |
Typo |
v28.12.2023 |
Kevin Puscas |
updates to polices regarding Addigy MDM, Apple Platform Security Mechanisms and update to ClearDATA scanning frequency |
v10.10.2023 |
Kevin Puscas |
reformatted markdown |
v06.10.2023 |
Kevin Puscas |
update pipeline image |
v06.10.2023 |
Kevin Puscas |
Merge branch 'master' of bitbucket.org:nitorsharks/policies_and_procedures |
v06.10.2023 |
Kevin Puscas |
update build mech |
v06.10.2023 |
Kevin Puscas |
update build mech |
v11.01.2023 |
Kevin Puscas |
revised workstation policies to reflect use of MDM |
v20.12.2022 |
Kevin Puscas |
edits regarding disclousures and RTO/RPO |
v15.12.2022 |
Kevin Puscas |
added requirement for use of Oversight |
v15.12.2022 |
Kevin Puscas |
added specificiton about not sharing encryption keys for maintenance |
v15.12.2022 |
Kevin Puscas |
added Disaster Recovery Testing policy |
v15.12.2022 |
Kevin Puscas |
added specific infor to be removed in de-identification |
v08.12.2022 |
Kevin Puscas |
Revised and clarified based on ENHAC pre-audit review |
v29.11.2022 |
Kevin Puscas |
clarifications based on ENHAC auditor reviews |
v29.11.2022 |
Kevin Puscas |
Merge branch 'master' of bitbucket.org:nitorsharks/policies_and_procedures |
v29.11.2022 |
Kevin Puscas |
Clarification on policies as per ENHAC audit |
v07.11.2022 |
Phillip Odam |
Revert "bitbucket-pipelines.yml edited online with Bitbucket" |
v07.11.2022 |
Phillip Odam |
risk_management_policy.md edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
compliance_policy.md edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
auditing_policy.md edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
3rd_party_policy.md edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
3rd_party_policy.md edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
platform_overview.md edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
requirements.txt created online with Bitbucket |
v07.11.2022 |
Phillip Odam |
mkdocs.yml edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
mkdocs.yml edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
mkdocs.yml edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
v27.10.2022 |
Kevin Puscas |
Merge branch 'master' of bitbucket.org:nitorsharks/policies_and_procedures |
v27.10.2022 |
Kevin Puscas |
typos |
v27.10.2022 |
Phillip Odam |
Corrected type, changed "depenent" to "dependent" |
v27.10.2022 |
Phillip Odam |
Corrected typos, changed "use and thier" to "user and their" and "uniqure" to "unique" |
v27.10.2022 |
Phillip Odam |
Corrected typo, changed "Querterly" to "Quarterly" |
v27.10.2022 |
Phillip Odam |
Corrected typo, changed "migigate" to "mitigate" |
v27.10.2022 |
Phillip Odam |
Corrected typo, changed "of" to "or" |
v12.10.2022 |
Kevin Puscas |
change RosettaHealth Platform change refrences to links between policy documents. |
v05.10.2022 |
Kevin Puscas |
Added policy covering Emergency access procedure |
v03.10.2022 |
Kevin Puscas |
add detail on ClearDATA IDS for production add info on code scanning during devops removed line of succession from HA |
v13.09.2022 |
Kevin Puscas |
audit_policy - specify properties on S3 buckets. Describe use of Athena for audit reporting system_access_policy - re-organized and added iformation on MFA and AWS IAM configuration_management_policy - refactored to reflect shared CM between ClearDATA and RosettaHealt disaster_recovery - add recovery for lambda issue employees_policy - added training opportunities platform_overview - pulled ISMP into own page |
v22.08.2022 |
Kevin Puscas |
added section on Control of Sensitive Information |
v02.08.2022 |
Kevin Puscas |
modified: mkdocs.yml modified: docs/platform_overview.md modified: docs/policy_change_log.md |
v02.08.2022 |
Kevin Puscas |
pulled the information security mgmt plan into a separate doc |
v01.08.2022 |
Kevin Puscas |
bitbucket-pipelines.yml edited online with Bitbucket |
v01.08.2022 |
Kevin Puscas |
bitbucket-pipelines.yml edited online with Bitbucket |
v01.08.2022 |
Kevin Puscas |
bitbucket-pipelines.yml edited online with Bitbucket |
v01.08.2022 |
Kevin Puscas |
bitbucket-pipelines.yml edited online with Bitbucket |
v22.06.2022 |
Kevin Puscas |
Merge branch 'master' of bitbucket.org:nitorsharks/policies_and_procedures |
v22.06.2022 |
Kevin Puscas |
adding header file for change control generation |
v22.06.2022 |
Kevin Puscas |
bitbucket-pipelines.yml edited online with Bitbucket |
v22.06.2022 |
Kevin Puscas |
Merge branch 'master' of bitbucket.org:nitorsharks/policies_and_procedures |
v22.06.2022 |
Kevin Puscas |
fixed for change_control generate |
v22.06.2022 |
Kevin Puscas |
correct tabbing issue |
v22.06.2022 |
Kevin Puscas |
bitbucket-pipelines.yml edited online with Bitbucket |
v22.06.2022 |
Kevin Puscas |
bitbucket-pipelines.yml edited online with Bitbucket |
v22.06.2022 |
Kevin Puscas |
updates to bitbucket-pipelines.yml file |
v22.06.2022 |
Kevin Puscas |
implementing auto-generated change log mech |
v28.12.2021 |
Kevin Puscas |
auditing_policy.md: removed reference to spreadsheet with alerts by component configuration_management_policy.md: changed to specify FreshDesk as repository for configuration changes added that changes to prod env are reflected in realtime in Hava.io, New Relic and Sba. removed Provisioning request must be entered as a task on the TechTeam Worklist board. changed patching processes to reflect new responsibilties between RH and ClearDATA systems_development_lifecycle_process.md: changed to reflect new task tracking mechanism and change management processes. system_access_policy.md: changed monitis reference to new Uptrends and intruder.io monitoriing services change IHE API authentication to include use of sha-1 hash with OID for authentication. |
v28.06.2021 |
Kevin Puscas |
changed Monitis for Intruder.io |