Trust Center
Introduction
ElevatePFS is compliant with SOC, NIST CSF, and HIPAA regulatory requirements.
Overview of Security Program and Commitments
| Document Stipulating the Requirement | Requirements | Responsibility |
|---|---|---|
| SOC 1 Type 2 Report for Patient Responsibility Services | Security Controls | AVP, Self-Pay Operations, CO |
| SOC 2 Type 2 Evidence for all Access Control Tests | Policies and procedures to manage access to information & systems | For evidence not automatically collected by GRC system integrations, Sr. Director of Information Security, Sr. Director of Infrastructure, Director of Compliance |
| SOC 2 Type 2 Evidence for all Encryption Tests | Guidelines for using cryptographic controls to protect information. | |
| SOC 2 Type 2 Evidence for PHY Evidence Tests | Measures to protect physical assets and facilities | |
| SOC 2 Type 2 Evidence for Incident Management Test | Processes for managing information security incidents effectively. | |
| HIPAA Framework | Fraud Enforcement and Other Standards | Director of Compliance, Asst General Counsel |
| NIST Cybersecurity Framework (NIST CSF 2.0) | Six CSF Core Functions | Asst General Counsel, Director of Compliance, Information Security Officer (ISO), Chief Information Officer (CIO) |
| NIST Cybersecurity Framework (NIST CSF 2.0) | CSF Organizational Profiles | |