| Table of Contents |
|---|
Security is a key part of Foundry Health infrastructure design, application development processes and support. This document provides an overview of Foundry Health security measures and processes.
...
AWS Security Hub is configured to monitor and alert upon a wide variety of infrastructure security aspects. AWS Guard DutyGuardDuty provides active AI-driven real-time intrusion detection. AWS Macie constantly monitors the environment for PHI leaks or unusual privileged activity in AWS CloudTrail, which audits all AWS user activity. AWS Detective provides tool-assisted investigation capabilities for rapid root-cause analysis of potential security issues.
...
All server instances receive regular and automated security and bugfix bug-fix patching. This is done using AWS Patch Manager.
Malware
ClinSpark is deployed to an Amazon Linux image provided by Amazon Web Services for use on Amazon Elastic Compute Cloud (Amazon EC2).
As these Linux images are hardened, continuously and automatically patched, unreachable without an SSH connection and protected by a firewall, no additional anti-malware measures are installed.
Logging
Application Logs are centrally stored in AWS CloudWatch. VPC Flow Logs are stored in S3 to support investigation of security incidents as required.
...
User workstations are provided by our parent company, IQVIA. These machines are fully managed and monitored and equipped with modern regularly updated anti-malware measures.
...
Some
Bring Your Own Device (BYOD) Policy
Some BYOD workstations may be used for development and support purposes and are monitored by Kolide for endpoint security. This provides visibility into our requirements for security patching, anti-malware measures, use of an approved password manager, hard drive encryption and other security configurations appropriate for the specific workstation. Violation notifications and a review process are in place.
...