ACN Healthcare is committed to protect Confidentiality, Integrity and Availability of assets belonging to company, customers, suppliers and vendors from threats & to comply with legal, regulatory and contractual obligations by following a risk based approach and paramount to protect the integrity of Global operations to achieve customer delight.
ACN healthcare is committed to protect Confidentiality, Integrity and Availability of Information assets belonging to company, customers, suppliers and vendors from threat and to comply with legal, regulatory and contractual obligation by following a risk based approach and continual improvement of information security management. The implementation of this policy is paramount to protect integrity of operations at ACN healthcare to achieve customer delight.
ACN Healthcare considers information security management as a key business responsibility which is shared by all members of the management team, lead by Chief information officer (CISO), who in turn assisted by Information security manager (ISM) and team of Global information security forum (GISF). ACN has adopted ISO/IEC: 27001 information security management framework and has been certified by authorized external certifying body.
ACN Healthcare adopts internal audits periodically to ensure the requirements are met for all the information assets, Procedure and documents, Information Technology security, employee security, physical & environment security, incident management, Business continuity management, Disaster management and contractual obligations.
ACN Healthcare assures operating effectiveness and controls are adopted and followed. To ensure ACN carry out a regular assessment by an external qualifying professional, to identify the risks associated with the processes and implement necessary controls. Now ACN is complaint to SSAE 16 Type II.
ACN Healthcare is certified for HIPAA and ACN has implemented Administrative, Technical and Physical safeguards in the facility and HIPAA controls.
The compliance team and external certifying body conducts regular HIPAA audits on the floor and also provide necessary awareness training to all its employees and third party vendors.
A Non-Disclosure Agreement is signed by all employees at the time of joining the organization and Third party vendors while signing the contracts, non-adherence to compliance will lead to disciplinary action.
Administrative controls of ACN Healthcare includes safeguarding information and computing resources from unauthorized access, systems and procedures for physical access control are developed and implemented. This is achieved by deploying security guards, escorting the visitors, implementing various physical security devices such access cards, biometrics, CCTV etc. This would protect physical access to all business data, related application systems, operating systems software and the systems holding these data and software from unauthorized or illegal access. The controls in place are adopted from the HIPAA SOA and ISO 27001 standards and the best practices are implemented across the organization which in turn will be assessed by both internal and external auditors (certification body).
ACN Healthcare considers continuity of business in adverse conditions as important. Adverse conditions are usually caused due to disasters, both natural and man-made. In case of disasters, the priority is safety of human life. The next priority is restoration of critical business processes. ACN have identified the vulnerabilities and implemented necessary controls to prevent extended critical service outages. All ACN 3 facility are certified for information security and HIPAA and at any given point time business can be resorted in the alternate facilities.