β | Customer Data Deletion Upon Termination | Product | Customer data is securely deleted when no longer needed or upon contract termination in accordance with data retention policies. |
β | Data Classification | Product | Data is classified by sensitivity and handled accordingly to ensure appropriate levels of protection. |
β | Designated Security Officials | Organizational | BenOsphere has implemented and verified control for: Designated Security Officials. |
β | Contractor Requirements | Organizational | BenOsphere has implemented and verified control for: Contractor Requirements. |
β | Credential Keys Managed | Infrastructure | BenOsphere has implemented and verified control for: Credential Keys Managed. |
β | Cryptography Policies | Infrastructure | BenOsphere has implemented and verified control for: Cryptography Policies. |
β | System Access Granted | Infrastructure | System access is managed using a role-based model and is revoked immediately upon employee or contractor termination. |
β | Terminated Employee Access Revoked Within One Business Day | Infrastructure | System access is managed using a role-based model and is revoked immediately upon employee or contractor termination. |
β | Unique Accounts Used | Infrastructure | BenOsphere has implemented and verified control for: Unique Accounts Used. |
β | Unique SSH | Infrastructure | Public SSH access is disabled. Only authenticated and authorized users with unique credentials can access systems via secure protocols. |
β | Users Can Access All Their Information | Product | Each user is provisioned with a unique account. Access is monitored and governed by least privilege principles. |
β | Users Can Update their Information | Product | Users can view and update their information through a secure, authenticated interface in compliance with data accuracy standards. |
β | VPN Required for Production Access | Infrastructure | Production systems are only accessible through a secure VPN to protect internal assets from unauthorized external access. |
β | Vulnerability Management | Infrastructure | BenOsphere has implemented and verified control for: Vulnerability Management. |
β | Inactivity and Browser Exit Logout | Product | System activity and security events are logged centrally and monitored for suspicious behavior with real-time alerts. |
β | Least-Privileged Policy for Customer Data Access | Product | A formal Least-Privileged Policy for Customer Data Access is in place to govern consistent and secure operations across the organization. |
β | Log Management System | Infrastructure | System activity and security events are logged centrally and monitored for suspicious behavior with real-time alerts. |
β | Logging/Monitoring | Infrastructure | System activity and security events are logged centrally and monitored for suspicious behavior with real-time alerts. |
β | Logs Centrally Stored | Infrastructure | System activity and security events are logged centrally and monitored for suspicious behavior with real-time alerts. |
β | Malware Detection Software Installed | Infrastructure | BenOsphere has implemented and verified control for: Malware Detection Software Installed. |
β | Multiple Availability Zones | Infrastructure | BenOsphere has implemented and verified control for: Multiple Availability Zones. |
β | Network segmentation in place | Infrastructure | BenOsphere has implemented and verified control for: Network segmentation in place. |
β | Operational Audit | Organizational | Security controls and data access are reviewed regularly to maintain regulatory compliance and identify improvement opportunities. |
β | Oversight of Security Controls | Organizational | BenOsphere has implemented and verified control for: Oversight of Security Controls. |
β | Password Manager | Infrastructure | BenOsphere has implemented and verified control for: Password Manager. |
β | Password Policy | Organizational | A formal Password Policy is in place to govern consistent and secure operations across the organization. |
β | Password Storage | Infrastructure | BenOsphere has implemented and verified control for: Password Storage. |
β | Removable Media Device Encryption | Infrastructure | Data is encrypted both at rest and in transit using industry-standard protocols. Encryption keys are tightly controlled and accessible only to authorized personnel. |
β | Require Authentication for Access | Product | System access is managed using a role-based model and is revoked immediately upon employee or contractor termination. |
β | Require Encryption of Web-Based Admin Access | Infrastructure | Data is encrypted both at rest and in transit using industry-standard protocols. Encryption keys are tightly controlled and accessible only to authorized personnel. |
β | Role-Based Security Implementation | Product | BenOsphere has implemented and verified control for: Role-Based Security Implementation. |
β | Servers Monitored and Alarmed | Infrastructure | Critical infrastructure components are continuously monitored with alerts configured for anomalous behavior or system failures. |
β | Session Lock | Infrastructure | BenOsphere has implemented and verified control for: Session Lock. |
β | SSL/TLS Enforced | Infrastructure | BenOsphere has implemented and verified control for: SSL/TLS Enforced. |
β | Activity Review | Organizational | Security controls and data access are reviewed regularly to maintain regulatory compliance and identify improvement opportunities. |
β | Annual Access Control Review | Organizational | Security controls and data access are reviewed regularly to maintain regulatory compliance and identify improvement opportunities. |
β | Annual Incident Response Test | Organizational | A comprehensive incident response plan exists and is tested annually to ensure swift action during security events. |
β | Annual Penetration Tests | Organizational | BenOsphere has implemented and verified control for: Annual Penetration Tests. |
β | Architectural Diagram | Infrastructure | BenOsphere has implemented and verified control for: Architectural Diagram. |
β | Authentication Protocol | Infrastructure | BenOsphere has implemented and verified control for: Authentication Protocol. |
β | Backup Integrity and Completeness | Infrastructure | Regular, automated backups are performed with integrity checks and monitored for successful completion to ensure recoverability in case of data loss. |
β | Backup Policy | Organizational | Regular, automated backups are performed with integrity checks and monitored for successful completion to ensure recoverability in case of data loss. |
β | Customer Data is Encrypted at Rest | Product | BenOsphere has implemented and verified control for: Customer Data is Encrypted at Rest. |
β | Customer Data Policies | Organizational | BenOsphere has implemented and verified control for: Customer Data Policies. |
β | Daily Backup Statuses Monitored | Infrastructure | Regular, automated backups are performed with integrity checks and monitored for successful completion to ensure recoverability in case of data loss. |
β | Data Destruction Policy | Organizational | A formal Data Destruction Policy is in place to govern consistent and secure operations across the organization. |
β | Data Retention Policy | Organizational | A formal Data Retention Policy is in place to govern consistent and secure operations across the organization. |
β | Database Monitored and Alarmed | Infrastructure | Critical infrastructure components are continuously monitored with alerts configured for anomalous behavior or system failures. |
β | Denial of Public SSH | Infrastructure | Public SSH access is disabled. Only authenticated and authorized users with unique credentials can access systems via secure protocols. |
β | Disaster Recovery Plan | Organizational | Business continuity and disaster recovery plans are in place to minimize disruption during unforeseen incidents. |
β | Disposal of Sensitive Data on Hardware | Infrastructure | BenOsphere has implemented and verified control for: Disposal of Sensitive Data on Hardware. |
β | Disposal of Sensitive Data on Paper | Infrastructure | BenOsphere has implemented and verified control for: Disposal of Sensitive Data on Paper. |
β | Encryption Policy | Organizational | Data is encrypted both at rest and in transit using industry-standard protocols. Encryption keys are tightly controlled and accessible only to authorized personnel. |
β | Event Logging | Infrastructure | System activity and security events are logged centrally and monitored for suspicious behavior with real-time alerts. |
β | Failed Backup Alert and Action | Infrastructure | Regular, automated backups are performed with integrity checks and monitored for successful completion to ensure recoverability in case of data loss. |
β | FIM (File Integrity Monitoring) Software in Place | Infrastructure | Critical infrastructure components are continuously monitored with alerts configured for anomalous behavior or system failures. |
β | Hard-Disk Encryption | Infrastructure | Data is encrypted both at rest and in transit using industry-standard protocols. Encryption keys are tightly controlled and accessible only to authorized personnel. |
β | Hardening Standards in Place | Infrastructure | BenOsphere has implemented and verified control for: Hardening Standards in Place. |
β | Document Retention Period | Organizational | Data retention is governed by clearly defined policies ensuring legal and operational requirements are met. |
β | Employee Disclosure Process | Organizational | BenOsphere has implemented and verified control for: Employee Disclosure Process. |
β | Follow-Ups Tracked | Organizational | BenOsphere has implemented and verified control for: Follow-Ups Tracked. |
β | HIPAA Awareness Training | Organizational | All employees and contractors complete regular HIPAA and cybersecurity training to ensure awareness of responsibilities and threats. |
β | Incident Response Team | Organizational | A comprehensive incident response plan exists and is tested annually to ensure swift action during security events. |
β | Incident Response Plan | Organizational | A comprehensive incident response plan exists and is tested annually to ensure swift action during security events. |
β | Termination/Offboarding Checklist | Organizational | BenOsphere has implemented and verified control for: Termination/Offboarding Checklist. |
β | 3rd Parties and Vendors Given Instructions on Breach Reporting | Organizational | Vendors are assessed for compliance, and agreements are maintained to ensure they meet BenOsphere's security and privacy standards. |
β | Acceptable Use Policy Employees Acknowledge | Organizational | A formal Acceptable Use Policy, acknowledged by employees, is in place to govern consistent and secure operations across the organization. |
β | Allowable Use and Disclosure | Organizational | BenOsphere has implemented and verified control for: Allowable Use and Disclosure. |
β | Annual Review of Purposes | Organizational | Security controls and data access are reviewed regularly to maintain regulatory compliance and identify improvement opportunities. |
β | Asset Management Policy | Organizational | A formal Asset Management Policy is in place to govern consistent and secure operations across the organization. |
β | Background Checks | Organizational | BenOsphere has implemented and verified control for: Background Checks. |
β | Business Associate Agreements | Organizational | BenOsphere has implemented and verified control for: Business Associate Agreements. |
β | Business Continuity Plan | Organizational | Business continuity and disaster recovery plans are in place to minimize disruption during unforeseen incidents. |
β | Business Impact Analysis | Organizational | BenOsphere has implemented and verified control for: Business Impact Analysis. |
β | Breach Notification | Organizational | BenOsphere has implemented and verified control for: Breach Notification. |
β | Board Oversight Briefings Conducted | Organizational | BenOsphere has implemented and verified control for: Board Oversight Briefings Conducted. |
β | Code of Conduct | Organizational | BenOsphere has implemented and verified control for: Code of Conduct. |
β | Commitments Explained to Customers | Product | BenOsphere has implemented and verified control for: Commitments Explained to Customers. |
β | Communication to 3rd Parties | Organizational | BenOsphere has implemented and verified control for: Communication to 3rd Parties. |
β | Conduct Control Self-Assessments | Organizational | BenOsphere has implemented and verified control for: Conduct Control Self-Assessments. |
β | Continuous Control Monitoring | Organizational | Critical infrastructure components are continuously monitored with alerts configured for anomalous behavior or system failures. |
β | Defined Management Roles & Responsibilities | Organizational | BenOsphere has implemented and verified control for: Defined Management Roles & Responsibilities. |
β | Data Protection Policy | Organizational | A formal Data Protection Policy is in place to govern consistent and secure operations across the organization. |
β | DLP (Data Loss Prevention) Software is Used | Infrastructure | BenOsphere has implemented and verified control for: DLP (Data Loss Prevention) Software is Used. |
β | Disclosure with 3rd Parties | Organizational | BenOsphere has implemented and verified control for: Disclosure with 3rd Parties. |
β | Disclosure Process for Customers | Organizational | BenOsphere has implemented and verified control for: Disclosure Process for Customers. |
β | Information Security Policy | Organizational | A formal Information Security Policy is in place to govern consistent and secure operations across the organization. |
β | Information Security Skills Matrix | Organizational | BenOsphere has implemented and verified control for: Information Security Skills Matrix. |
β | Maintains a Privacy Policy | Organizational | A formal Privacy Policy is maintained to govern consistent and secure operations across the organization. |
β | Maintains Asset Inventory | Organizational | BenOsphere has implemented and verified control for: Maintains Asset Inventory. |
β | Messaging Queues Monitored and Alarmed | Infrastructure | Critical infrastructure components are continuously monitored with alerts configured for anomalous behavior or system failures. |
β | Notice of Breach to Affected Users | Organizational | Each user is provisioned with a unique account. Access is monitored and governed by least privilege principles. |
β | PII with 3rd Parties and Vendors | Organizational | Vendors are assessed for compliance, and agreements are maintained to ensure they meet BenOsphere's security and privacy standards. |
β | Privacy Policy Includes 3rd Party Vendors | Organizational | A formal Privacy Policy that includes 3rd party vendors is in place to govern consistent and secure operations across the organization. |
β | Privacy Policy Publicly Available | Organizational | A formal, publicly available Privacy Policy is in place to govern consistent and secure operations across the organization. |
β | Privacy, Use, and Disclosure | Organizational | BenOsphere has implemented and verified control for: Privacy, Use, and Disclosure. |
β | Provide Notice of Privacy Practices | Organizational | BenOsphere has implemented and verified control for: Provide Notice of Privacy Practices. |
β | Quarterly Review of Privacy Compliance | Organizational | Security controls and data access are reviewed regularly to maintain regulatory compliance and identify improvement opportunities. |
β | Remediation Plan | Organizational | BenOsphere has implemented and verified control for: Remediation Plan. |
β | Review Privacy Notice Annually | Organizational | Security controls and data access are reviewed regularly to maintain regulatory compliance and identify improvement opportunities. |
β | Risk Assessment Policy | Organizational | A formal Risk Assessment Policy is in place to govern consistent and secure operations across the organization. |
β | Security Team Communicates in a Timely Manner | Organizational | A dedicated security team oversees compliance efforts and ensures accountability at the organizational level. |
β | Security Team/Steering Committee | Organizational | A dedicated security team oversees compliance efforts and ensures accountability at the organizational level. |
β | Security Training | Organizational | All employees and contractors complete regular HIPAA and cybersecurity training to ensure awareness of responsibilities and threats. |
β | Security Updates | Infrastructure | BenOsphere has implemented and verified control for: Security Updates. |
β | Software Development Life Cycle Policy | Organizational | A formal Software Development Life Cycle Policy is in place to govern consistent and secure operations across the organization. |
β | Storage of Sensitive Data on Paper | Organizational | BenOsphere has implemented and verified control for: Storage of Sensitive Data on Paper. |
β | System Access Control Policy | Organizational | A formal System Access Control Policy is in place to govern consistent and secure operations across the organization. |
β | Unauthorized Disclosures by 3rd Parties | Organizational | BenOsphere has implemented and verified control for: Unauthorized Disclosures by 3rd Parties. |
β | Vendor Agreements Maintained | Organizational | Vendors are assessed for compliance, and agreements are maintained to ensure they meet BenOsphere's security and privacy standards. |
β | Vendor Compliance Reports | Organizational | Vendors are assessed for compliance, and agreements are maintained to ensure they meet BenOsphere's security and privacy standards. |
β | Vendor Management Policy | Organizational | A formal Vendor Management Policy is in place to govern consistent and secure operations across the organization. |
β | Vendors and PHI | Organizational | Vendors are assessed for compliance, and agreements are maintained to ensure they meet BenOsphere's security and privacy standards. |
β | Annual Risk Assessment | Organizational | BenOsphere has implemented and verified control for: Annual Risk Assessment. |
β | Intrusion Detection System in Place | Infrastructure | BenOsphere has implemented and verified control for: Intrusion Detection System in Place. |