[To download documents, please scroll to the bottom of this page]
- SOC 2 Type II
- Compliance Packet
- Network Diagram
- Vendor Management
- Document Available by Request
- Document Available for Download
SOC 2 Type II
- Our data center has completed a SOC 2 Type II certification.
Compliance Policy / Procedure Packet
ER Express has developed a robust set of policies and procedures to deliver ongoing compliance with the appropriate set of statutes, regulations, and best practices:
- We have completed the HITRUST self-assessment, have been evaluated by HITRUST, and achieved a 5- rating (on a 1 - 5+ scale).
- The 5- rating equates to: 'Consistently produces and actively monitors status metrics for the information security program as well as the majority of the individual HITRUST critical control areas and the individual controls apply to the majority of the systems within the assessment scope.'
- According to the HITRUST Alliance, regarding its relevance to OCR Audit protocol:
“Implementation of the CSF as the basis for an organization’s information protection program and subsequent use of HITRUST CSF Validated or Certified Assessments has also been accepted by OCR as evidence of their compliance with the HIPAA Security Rule, assuming the assessment addresses the appropriate scope relevant to OCR’s audit or investigation. The HITRUST CSF and CSF Assurance Program have also been used in resolution agreements with OCR.”
- ER Express' network lives in the Microsoft Azure cloud. Our full-stack diagram is available for download.
Software development lifecycle
- ER Express follows the standard SDLC.
- SDLC is a structure followed by a development team within the software organization. It consists of a detailed plan describing how to develop, maintain and replace specific software. The life cycle defines a methodology for improving the quality of software and the overall development process.
Vendor Management Policy
We require all of our vendors to adhere to the same set of compliance standards. We ask vendors to sign our vendor management policy, which requires them to:
- Agree to follow ER Express security policies & procedures
- Sign an NDA
- Sign a BAA
- Ensure that the staff who work on ER Express projects have had background checks
- Ensure that the staff who work on ER Express projects have passed a recent drug screen
The following documents are available by request:
- Employee Compliance Training & Quiz Log
- Risk Management Plan
- HITRUST Letter
The following documents are available to download: