Policy
HeartAI operates in a variety of digital environments, including through engagement with health and government organisations. HeartAI is committed to maintaining a high-level of rigour and due diligence, particularly considering the responsibilities of managing potentially sensitive digital health information. To ensure commitment to these principles, HeartAI abides by an internal policy framework that governs how HeartAI must operate and the corresponding obligations of team members and collaborators. These commitments include an understanding of and alignment to state and federal laws, policies, regulations, and compliance standards.
The following policy documents describe and specify the responsibilities and obligations of HeartAI platform components and HeartAI team members:
- Overview
- Legal compliance
- Information security
- Management of sensitive information
- Change management process
- Personnel security
- Identity and access management
- Management of corporate and personal devices
- Management of sensitive keys and secrets
- Encryption and cryptography
- Deployment environment management
- Platform and data access
- Source repository access and usage
- Security education and awareness
- Security review and auditing
- Service engagement and assurance
- Incident management and business continuity