Security Program Overview
LifeOmic is committed to protecting its employees, partners, clients/customers and the company itself from damaging acts either malicious or unintentional in nature. This includes implementation of policies, standards, controls and procedures to ensure the Confidentiality, Integrity, and Availability of systems and data according to their risk level.
The LifeOmic security program and policies are developed on the principles that (1) security is everyone’s responsibility and (2) self-management is best encouraged by rewarding the right behaviors.
Information Security Program and Scope
LifeOmic has developed a security program and implemented controls to meet and exceed all compliance requirements, including but not limited to HIPAA, HITRUST, SOC 2 Common Criteria, FedRAMP and other applicable industry best practices.
On a high level, LifeOmic’s information security program covers:
Inventory and protection of all critical assets
Visibility into and the management of data lifecycle, from creation to retention to deletion
Protection of data-at-rest, data-in-transit, and data-in-use
Segmented network architecture
Automated security configuration and remediation
Centralized identity and access management
Secure product development
Continuous monitoring and auditing
Validated plan and practice for business continuity, disaster recovery, and emergency response
End-user computing protection and awareness training
The information security program and its policies and procedures cover all LifeOmic workforce members, including full-time and part-time employees in all job roles, temporary staff, contractors and subcontractors, volunteers, interns, managers, executives employees, and third parties.
The information security program is managed by dedicated security and compliance personnel.
Understanding the Policies and Documents
Policies are written in individual documents, each pertaining to a specific domain of concern.
Each document starts with the current version number and/or last updated date, followed by a brief summary. The remaining of the document is structured to contain two main sections:
- Policy Statements
- Controls and Procedures
All policy documents are maintained, reviewed, updated and approved following standards and procedures outlined in Policy Management.
Review and Reporting
The information security program, policies, procedures and controls are reviewed on a regular basis internally by cross functional team members and externally by qualified assessors.
A formal program review is conducted every quarter with review of key metrics of the LifeOmic information security program, to measure its adoption and effectiveness.