| v22.01.2025 |
Kevin Puscas |
update to RPO |
| v22.01.2025 |
Kevin Puscas |
Revised RTO to 48 hours |
| v17.12.2024 |
Phillip Odam |
compliance_policy.md edited online with Bitbucket |
| v17.12.2024 |
Phillip Odam |
platform_overview.md edited online with Bitbucket |
| v17.12.2024 |
Phillip Odam |
disaster_recovery_policy.md edited online with Bitbucket |
| v17.12.2024 |
Phillip Odam |
data_management_policy.md edited online with Bitbucket |
| v17.12.2024 |
Phillip Odam |
auditing_policy.md edited online with Bitbucket |
| v17.12.2024 |
Phillip Odam |
auditing_policy.md edited online with Bitbucket |
| v22.10.2024 |
Kevin Puscas |
auditing_policy: revised to specify use of AWS Service event and audit trails and specify capturing audit information at each step of multi-step transactions configuration_management_policy: Revise to better explain the shared security model between RH, CD and AWS. data_integrity policy: specify MacOS malware prevention features. Specify that all production data is version controlled data_management_policy: specify that all data stored in AWS S3 is encrypted in rest and transit. Revise to specify that requirements for limited dataset and deidentification of data. disaster_recovery: Added Zach Hill as Operations Manager in Line of Succession. Added Scenario 3 concerning Security Incident/Malware detected. employees_policy: specify that all employee workstations are Apple products. high_availability_policy: Specified use of multi-az serverless components as part of the HA strategy. platform_overview: revised to discuss the shared security model between RH, CD and AWS. policy_management_policy: revise to remove references to DropBox system_access_policy: revised description of how RBAC is implemented via AWS IAM. Added use of OAuth2.0 for Unique user identification. Added policy for passwords in AWS console and RosettaHealth portals. |
| v29.08.2024 |
Kevin Puscas |
testing adding toc to pdf |
| v04.06.2024 |
Kevin Puscas |
added information about hashing sensitive data. |
| v04.06.2024 |
Kevin Puscas |
added policy for passwords in the admin portal |
| v02.01.2024 |
Phillip Odam |
Typo |
| v02.01.2024 |
Phillip Odam |
Removed whitespace |
| v02.01.2024 |
Phillip Odam |
Typo |
| v28.12.2023 |
Kevin Puscas |
updates to polices regarding Addigy MDM, Apple Platform Security Mechanisms and update to ClearDATA scanning frequency |
| v10.10.2023 |
Kevin Puscas |
reformatted markdown |
| v06.10.2023 |
Kevin Puscas |
update pipeline image |
| v06.10.2023 |
Kevin Puscas |
Merge branch 'master' of bitbucket.org:nitorsharks/policies_and_procedures |
| v06.10.2023 |
Kevin Puscas |
update build mech |
| v06.10.2023 |
Kevin Puscas |
update build mech |
| v11.01.2023 |
Kevin Puscas |
revised workstation policies to reflect use of MDM |
| v20.12.2022 |
Kevin Puscas |
edits regarding disclousures and RTO/RPO |
| v15.12.2022 |
Kevin Puscas |
added requirement for use of Oversight |
| v15.12.2022 |
Kevin Puscas |
added specificiton about not sharing encryption keys for maintenance |
| v15.12.2022 |
Kevin Puscas |
added Disaster Recovery Testing policy |
| v15.12.2022 |
Kevin Puscas |
added specific infor to be removed in de-identification |
| v08.12.2022 |
Kevin Puscas |
Revised and clarified based on ENHAC pre-audit review |
| v29.11.2022 |
Kevin Puscas |
clarifications based on ENHAC auditor reviews |
| v29.11.2022 |
Kevin Puscas |
Merge branch 'master' of bitbucket.org:nitorsharks/policies_and_procedures |
| v29.11.2022 |
Kevin Puscas |
Clarification on policies as per ENHAC audit |
| v07.11.2022 |
Phillip Odam |
Revert "bitbucket-pipelines.yml edited online with Bitbucket" |
| v07.11.2022 |
Phillip Odam |
risk_management_policy.md edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
compliance_policy.md edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
auditing_policy.md edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
3rd_party_policy.md edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
3rd_party_policy.md edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
platform_overview.md edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
requirements.txt created online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
mkdocs.yml edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
mkdocs.yml edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
mkdocs.yml edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
| v07.11.2022 |
Phillip Odam |
bitbucket-pipelines.yml edited online with Bitbucket |
| v27.10.2022 |
Kevin Puscas |
Merge branch 'master' of bitbucket.org:nitorsharks/policies_and_procedures |
| v27.10.2022 |
Kevin Puscas |
typos |
| v27.10.2022 |
Phillip Odam |
Corrected type, changed "depenent" to "dependent" |
| v27.10.2022 |
Phillip Odam |
Corrected typos, changed "use and thier" to "user and their" and "uniqure" to "unique" |
| v27.10.2022 |
Phillip Odam |
Corrected typo, changed "Querterly" to "Quarterly" |
| v27.10.2022 |
Phillip Odam |
Corrected typo, changed "migigate" to "mitigate" |
| v27.10.2022 |
Phillip Odam |
Corrected typo, changed "of" to "or" |
| v12.10.2022 |
Kevin Puscas |
change RosettaHealth Platform change refrences to links between policy documents. |
| v05.10.2022 |
Kevin Puscas |
Added policy covering Emergency access procedure |
| v03.10.2022 |
Kevin Puscas |
add detail on ClearDATA IDS for production add info on code scanning during devops removed line of succession from HA |
| v13.09.2022 |
Kevin Puscas |
audit_policy - specify properties on S3 buckets. Describe use of Athena for audit reporting system_access_policy - re-organized and added iformation on MFA and AWS IAM configuration_management_policy - refactored to reflect shared CM between ClearDATA and RosettaHealt disaster_recovery - add recovery for lambda issue employees_policy - added training opportunities platform_overview - pulled ISMP into own page |
| v22.08.2022 |
Kevin Puscas |
added section on Control of Sensitive Information |
| v02.08.2022 |
Kevin Puscas |
modified: mkdocs.yml modified: docs/platform_overview.md modified: docs/policy_change_log.md |
| v02.08.2022 |
Kevin Puscas |
pulled the information security mgmt plan into a separate doc |
| v01.08.2022 |
Kevin Puscas |
bitbucket-pipelines.yml edited online with Bitbucket |
| v01.08.2022 |
Kevin Puscas |
bitbucket-pipelines.yml edited online with Bitbucket |
| v01.08.2022 |
Kevin Puscas |
bitbucket-pipelines.yml edited online with Bitbucket |
| v01.08.2022 |
Kevin Puscas |
bitbucket-pipelines.yml edited online with Bitbucket |
| v22.06.2022 |
Kevin Puscas |
Merge branch 'master' of bitbucket.org:nitorsharks/policies_and_procedures |
| v22.06.2022 |
Kevin Puscas |
adding header file for change control generation |
| v22.06.2022 |
Kevin Puscas |
bitbucket-pipelines.yml edited online with Bitbucket |
| v22.06.2022 |
Kevin Puscas |
Merge branch 'master' of bitbucket.org:nitorsharks/policies_and_procedures |
| v22.06.2022 |
Kevin Puscas |
fixed for change_control generate |
| v22.06.2022 |
Kevin Puscas |
correct tabbing issue |
| v22.06.2022 |
Kevin Puscas |
bitbucket-pipelines.yml edited online with Bitbucket |
| v22.06.2022 |
Kevin Puscas |
bitbucket-pipelines.yml edited online with Bitbucket |
| v22.06.2022 |
Kevin Puscas |
updates to bitbucket-pipelines.yml file |
| v22.06.2022 |
Kevin Puscas |
implementing auto-generated change log mech |