Information transfer
MedStack Confidential
Metadata
- responsible officer: CTO
- approved by: CTO
- date
- effective: 2020-07-29
- revised: 2020-07-29
- reviewed: 2022-08-31
Document information transfer security in agreements
- We do not directly transfer PHI to third parties.
| Code | Section | Title |
|---|---|---|
| ISO | A.13.2.2 | Agreements on information transfer |
Cryptographically secure and sign communications
- Use encryption to protect all communications, including
- electronic messaging
- remote conferencing
- interactions with internet-based software applications
| Code | Section | Title |
|---|---|---|
| ISO | A.13.2.3 | Electronic messaging |
| SOC2 | CC6.7 | The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission, movement, or removal to meet the entity’s objectives. |
Document non-disclosure requirements in agreements
| Code | Section | Title |
|---|---|---|
| ISO | A.13.2.4 | Confidentiality or non-disclosure agreements |
Enforcement
- Responsible party: All managers and supervisors
- sanctions: standard
References
| Code | Section | Title |
|---|---|---|
| ISO | A.13.2 | Information transfer |
| ISO | A.13.2.1 | Information transfer policies and procedures |
| SOC2 | CC6.7 | The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission, movement, or removal to meet the entity’s objectives. |