Policy Management Policy
Wildfire Labs implements policies and procedures to maintain compliance and integrity of data. The Privacy Officer and Security Officer are responsible for maintaining policies and procedures and assuring all Wildfire Labs workforce members, business associates, customers, and partners are adherent to all applicable policies. Previous versions of policies are retained to assure ease of finding policies at specific historic dates in time.
Applicable Standards
HITRUST Common Security Framework
12.c - Developing and Implementing Continuity Plans Including Information Security
HIPAA Security Rule
164.316(a) - Policies and Procedures
164.316(b)(1)(i) - Documentation
Maintenance of Policies
All policies are stored and up to date to maintain Wildfire Labs compliance with HIPAA, HITRUST, NIST, and other relevant standards. Updates and version control is done similar to source code control.
Policy update requests can be made by any workforce member at any time. Furthermore, all policies are reviewed annually by both the Security and Privacy Officer to assure accuracy.
Edits and updates made by appropriate and authorized workforce members are done on their own versions, or branches. These changes are only merged back into final, or master, versions by the Privacy or Security Officer, similarly to a pull request. All changes are linked to workforce personnel who made them and the Officer who accepted them.
All policies are made accessible to all Wildfire Labs workforce members.
Changes can be requested to policies using change requests in Gitbook or pull requests in Github.
All policies, and associated documentation, are retained for 6 years from the date of its creation or the date when it last was in effect, whichever is later
Version history of all Wildfire Labs policies is done via Github.
Backup storage of all policies is done with Google Drive.
The policies and information security policies are reviewed and audited annually. Issues that come up as part of this process are reviewed by Wildfire Labs management to assure all risks and potential gaps are mitigated and/or fully addressed.
Additional documentation related to maintenance of policies is outlined in the Privacy Officer's responsibilities.
Last updated