DATA PROTECTION
User Access Removal Process/Timeliness:
User access should be removed or modified whenever it is no longer needed,
regardless of the level of sensitivity of the information.
User access removal/modification requests should be submitted through our
company process no later than 24 business hours after it is determined the access is
no longer needed.
SYSTEM REQUIREMENTS
Third Party Systems:
Most systems we use for operations are third party systems (e.g., Therap, Microsoft,
Paycom), with their own secure requirements for user access, usernames, and
passwords. In addition to the protections built into the software/system, whenever
possible, we have modified the third-party system requirements to align with our
protocols for security and confidentiality.
We do not and will not partner with any software company that does not meet our
minimum required system security requirements and that does not continue to
invest in and prioritize data security/system security.
User Login, Passwords, Two-Step Authentication, etc., Requirements:
It is the responsibility of users of our systems and that access our information to
follow all security requirements and to do whatever is deemed necessary to protect
our information.
Users accessing our systems must follow the required login and passwords formats
as defined by the system and must reset passwords according to the system rules
and time requirements. Passwords to systems should be unique to each system (not
the same password for all systems) and should be securely stored to limit
unauthorized access.
Two-step authentication must be enabled on company accessed systems.
Users are only permitted to have one account to access systems / information and
access should be granted utilizing company information, such as an employee’s
company email instead of a personal email account