Bland is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.
Bland complies with both HIPAA and SOC 2 standards, ensuring the highest level of data security and privacy.
SOC 2 Type 1
Request
Risk analysis
Risk management
Board oversight briefings conducted
Board expertise developed
Sanction policy
Authorization and/or supervision
Termination procedures
Security reminders
Information system activity review
Access authorization
Access establishment and modification
Protection from malicious software
Response and reporting
Timeliness of notification
Content of notification
Plain language requirement
Development lifecycle established
Segregation of duties in changes
Production deployment access restricted
Segregation of environment
Vendor management program established
Vendor management process
Vendor termination
Company Handbook
Personnel Security Policy
Change Management Policy
Incident Response Policy
Vendor Management Policy
Board of Directors Charter
Risk and Governance Executive Committee Charter
Business Continuity and Disaster Recovery
Access Control and Termination Policy
Data Classification Policy
Baseline Hardening Policy
Network Security Policy
Information Security Policy
Risk Assessment and Treatment Policy
Information Technology Leadership Committee Charter
HIPAA Internal Privacy Policy
PHI De-identification Policy and Procedure
Breach Notification Policy