Docspera Questions

| Question | MedSetGo's Positive Response |
|---|---|
| Do you collect private data of users? | Yes, in compliance with HIPAA, GDPR, and other privacy laws. |
| Names of privacy laws you are compliant with | HIPAA, GDPR, CCPA |
| Are you FedRAMP certified? | Not currently, but planning to within the next two years. |
| Other compliance certificates | ISO/IEC 27001, SOC 2 Type II (valid until 2025) |
| Is there a cyber security policy? | Yes, updated semi-annually or as needed. |
| Do you store or cache customer data? | Yes, encrypted PHI and PII only. |
| How is customer data protected? | AES-256 encryption for data at rest, TLS 1.3 for data in transit. |
| Is the solution multitenant or single-tenant? | Multitenant. |
| How is data segregation ensured? | Logical segregation with strict access controls. |
| Is data segregation physical or logical? | Logical. |
| Is there data sharing with third parties? | Not without explicit consent. |
| Breach notification process? | Immediate internal escalation, customer notification within 4 hours. |
| Security assessment cadence? | Quarterly application and infrastructure scans. |
| Scope of security assessment | AWS VPCs, Azure Resource Groups, databases, instances. |
| Remediation measures | All vulnerabilities patched within 7 days. |
| Network security controls | Firewalls, IDS/IPS, encrypted data transfers. |
| Will log details be shared? | Yes, upon request. |
| Is MFA used for cloud access? | Yes. |
| Is change management in place? | Yes, changes communicated in advance. |
| Are there data integrity controls? | Yes, checksum validations. |
| Privileged account management | Strict access controls and MFA. |
| Privileged access review | Bi-annual review. |
| BCP/DR policy | Detailed policy available on request. |
| Product uptime | 99.9% |
| Cyber insurance | Yes, $5M coverage. |
| Fraud prevention | Continuous monitoring. |
| Backend access management | Secure VPN, 24/7 monitoring. |
| Who has access to customer data? | Authorized personnel only. |
| Scope of data access | Limited to job responsibilities. |
| Backend access security | MFA and encrypted tunnels. |
| Data retention period | Seven years. |
| Post-retention data disposal | Secure deletion per NIST guidelines. |
| Generic accounts | None, all accounts are personalized. |
| Encryption algorithms | AES-256 for data at rest, TLS 1.3 for data in transit. |
| VAPT cadence | Quarterly. |
| API security assessment | Annually. |
| Security audit by DocSpera | Agreed. |
| Patching and hardening | Automated systems, manual review. |
| Additional data security controls | Periodic audits, employee training. |
| Ransomware protection | Endpoint protection, secure backups. |
| Centralized authentication | Yes. |
| MFA/2FA mechanism | SMS and authenticator apps. |
| Built-in logging | Yes. |
| Data leakage prevention | DLP solutions in place. |
| Compliance with US sanctions | Fully compliant. |
| Resource/consultant location | US and India unless otherwise approved. |