Skip ahead:
- How does ZenVideo assess and mitigate the risks associated with sharing or accessing PHI through external platforms and vendors?
- Does ZenVideo have an incident response plan? How often is it tested, and how confident are you in its effectiveness in responding to a potential breach or data leak?
- How does ZenVideo manage user access controls, authentication, and the principle of least privilege to safeguard PHI from unauthorized access?
- How does ZenVideo help covered entities safeguard PHI?
- What key security metrics does ZenVideo track to assess the effectiveness of the cybersecurity program, and how are these metrics utilized to drive improvements and accountability?
How does ZenVideo assess and mitigate the risks associated with sharing or accessing PHI through external platforms and vendors?
ZenVideo’s third-party software vendors must pass a review process which includes the completion of a security questionnaire and a formal risk assessment to assess the criticality and security posture of the vendor. When appropriate, ZenVideo requires third-party vendors to sign ZenVideo’s Data Processing Addendum, Business Associate Agreement, and Supplier Security Policy.
Does ZenVideo have an incident response plan? How often is it tested, and how confident are you in its effectiveness in responding to a potential breach or data leak?
ZenVideo has established controls to respond quickly and efficiently in the event of an incident that results in a compromise of ZenVideo services. These controls have been codified through ZenVideo Security policies and procedures. They provide system-specific response teams and procedures for each type of incident. They include protocols for assessing incident severity, remediating incidents, and, where necessary, notifying affected customers.
How does ZenVideo manage user access controls, authentication, and the principle of least privilege to safeguard PHI from unauthorized access?
ZenVideo enforces Single Sign-On with MFA for access to internal systems that may contain customer data. ZenVideo implements role-based access controls when provisioning access to internal ZenVideo systems. Employees and contractors are only permitted to access data to fulfill their job roles and responsibilities. ZenVideo regularly conducts access reviews for critical systems.
How does ZenVideo help covered entities safeguard PHI?
ZenVideo helps covered entities safeguard PHI by providing enterprise tooling, such as data retention controls and audit logging within the platform to manage PHI.
What key security metrics does ZenVideo track to assess the effectiveness of the cybersecurity program, and how are these metrics utilized to drive improvements and accountability?
ZenVideo has started to measure effectiveness of the cybersecurity program by using the NIST Cybersecurity framework (CSF) and measuring percentage of compliance, and ranking the level of maturity based on the Cybersecurity Capability Maturity Model. Measuring this lets us track and continuously raise the bar for ZenVideo’s control maturity level over time.
Comments
0 comments
Please sign in to leave a comment.