...
Alerting is configured to the Foundry Health Slack channel for real-time notifications of security events.
Logging
Application Logs are centrally stored in AWS CloudWatch. VPC Flow Logs are stored in S3 to support investigation of security incidents as required.
Standard Managed Web Application Firewall
...
As these Linux images are hardened, continuously and automatically patched, unreachable without an SSH connection and protected by a firewall, no additional anti-malware measures are installed.
...
Application Logs are centrally stored in AWS CloudWatch. VPC Flow Logs are stored in S3 to support investigation of security incidents as required.
Backup
All customer data is stored in AWS RDS instances. Application servers do not store any customer data, only configuration. As such this topic is limited in scope to how RDS supports backups and recovery.
...
Due to the backup processes described above, the Engineering team does not formally test restore procedures.
...
ClinSpark Development and Support Staff
User Workstations
User workstations are provided by our parent company, IQVIA. These machines are fully managed and monitored and equipped with regularly updated anti-malware measures.
...
All staff is periodically trained on security policies including data handling, and security topics such as recognizing social engineering. Evidence is available for review upon request.
Corporate Network
Foundry Health’s Our core workgroup business systems are externally hosted SaaS applications, managed by the respective vendor. Our corporate network, mail and file services are provided by our parent company, IQVIA, and require VPN access, or similarly secure managed access, when remote working.
...