Data Security and Privacy Policy

Last Updated: February 20, 2024

1. Introduction

Veriteos is committed to maintaining the highest standards of security and compliance when handling all user and healthcare data. This document outlines our security and data protection policy, and procedures to ensure the confidentiality, integrity, and availability of sensitive information.

2. Scope

This document applies to all Veriteos employees, contractors, and third-party service providers who have access to our systems and data.

3. Regulatory Compliance

Veriteos strives to adhere to all relevant data protection and privacy regulations, including but not limited to HIPAA, GDPR, and any other applicable local or international laws.

4. Information Classification

All information is classified based on its sensitivity, and access controls are implemented accordingly. Employees are trained on handling different classifications of data.

5. Access Controls

Access to Veriteos systems and data is granted on a need-to-know basis. User access is regularly reviewed and updated to ensure alignment with job responsibilities.

6. Encryption

Data in transit and at rest is encrypted using industry-standard protocols. This includes communication over networks and storage of sensitive information.

7. Incident Response Plan

Veriteos has a comprehensive incident response plan to promptly and effectively address any security incidents. This includes reporting procedures, investigation processes, and communication protocols.

8. Security Awareness Training

All employees undergo regular security awareness training to stay informed about potential security threats and best practices for safeguarding information.

9. Physical Security

Physical access to Veriteos offices and equipment is restricted and monitored. Security measures are in place to prevent unauthorized access.

10. Security Audits and Assessments

Regular security audits and assessments are conducted to identify vulnerabilities and ensure ongoing compliance with security standards. Results are used to implement improvements as necessary.

11. Data Backup and Recovery

Veriteos maintains regular data backups to ensure data integrity and facilitate timely recovery in case of data loss or system failures.

12. Vendor Security

Third-party vendors are assessed for security practices and compliance. Contracts include security clauses to ensure vendors meet Veriteos' security standards.

13. Security Governance

Veriteos has a dedicated Security Governance team responsible for overseeing and enforcing security policies, conducting risk assessments, and ensuring ongoing compliance.

14. Policy Review and Updates

This security compliance document is subject to periodic review and updates to reflect changes in regulations, technology, and business processes.

Conclusion

Veriteos is committed to maintaining a robust security posture to protect the confidentiality and integrity of healthcare data. This document serves as a foundation for our security policies and practices, and all employees, contractors, and third-party service providers are expected to adhere to these guidelines.