Bland Compliance Report
Bland is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.
Controls
Governance
Risk analysis
Risk management
Board oversight briefings conducted
Board expertise developed
HR
Sanction policy
Authorization and/or supervision
Termination procedures
Security reminders
IT
Information system activity review
Access authorization
Access establishment and modification
Protection from malicious software
Incident Management
Response and reporting
Timeliness of notification
Content of notification
Plain language requirement
Change Management
Development lifecycle established
Segregation of duties in changes
Production deployment access restricted
Segregation of environment
Vendor
Vendor management program established
Vendor management process
Vendor termination
Policies
Company Handbook
Personnel Security Policy
Change Management Policy
Incident Response Policy
Vendor Management Policy
Board of Directors Charter
Risk and Governance Executive Committee Charter
Business Continuity and Disaster Recovery
Access Control and Termination Policy
Data Classification Policy
Baseline Hardening Policy
Network Security Policy
Information Security Policy
Risk Assessment and Treatment Policy
Information Technology Leadership Committee Charter
HIPAA Internal Privacy Policy
PHI De-identification Policy and Procedure
Breach Notification Policy
