ClearDATA Managed Services – Advanced
Service Description Overview
ClearDATA Advanced is a managed services offering that provides configuration management assistance and continuous monitoring for the ClearDATA CyberHealth™ Platform (CHP) across AWS, Azure, and GCP public cloud platforms.
This service guides customers through selecting, implementing, and maintaining critical cloud security and compliance technical controls that will reduce the likelihood of experiencing a highly impactful cyber security incident or breach due to the misconfiguration of a cloud native service.
Shared Responsibility Model
The ClearDATA Advanced RACI defines the shared responsibilities of ClearDATA and the Customer. You can access the RACI here: https://cleardata.document360.io/docs/raci.
Service Scope
The following sections describe the scope of each Service component and element. If you have requirements outside the scope of this Service Description, please contact ClearDATA Support to arrange a Professional Services consultation.
Service Components of ClearDATA Advanced
Service components and elements of ClearDATA Advanced include:
Service Component | Element |
---|---|
Prepare | CyberHealth™ Platform Onboarding |
Safeguard & Control | Configuration Workshops |
Detect & Analyze | Continuous Monitoring |
Detect & Analyze | Alert Triage & Analysis |
Detect & Analyze | Customer Notification & Communication |
Respond & Recover | Remediation Guidance |
Report | Scheduled Compliance & Posture Reviews |
Report | Security & Compliance Audit Support |
Prepare
CyberHealth™ Platform Onboarding
The ClearDATA Advanced onboarding program is designed to provide a smooth and efficient transition for healthcare organizations adopting the CyberHealth™ Platform. This program focuses on understanding your specific cloud environment, security requirements, and compliance goals.
Designated Cloud Compliance Engineer
ClearDATA Advanced provides a designated cloud compliance engineer to your organization. This engineer will serve as your primary point of contact throughout the partnership, providing expert guidance, ensuring a seamless transition to the CyberHealth™ Platform, and providing ongoing monitoring.
Collaborative Needs Assessment
A collaborative needs assessment will be conducted by the designated cloud compliance engineer to understand your cloud environment and compliance goals. This in-depth session will involve workshops and interviews with your team to gather detailed information about your cloud infrastructure, security posture, and relevant compliance regulations. This collaborative approach ensures the onboarding process is tailored to your unique needs and addresses your specific security concerns.
Comprehensive Inventory and Risk Assessment
The CyberHealth™ Platform will conduct a comprehensive inventory of your cloud resources, with a particular focus on PHI-containing data. This initial assessment will identify potential security risks and lay the groundwork for ongoing security posture management.
Safeguard & Control
Configuration Workshops
Initial Safeguard & Control Workshop
This comprehensive session dives into the technical details of ClearDATA’s automated safeguards. Participants will gain a clear understanding of how these safeguards map to specific compliance controls, such as those outlined in HIPAA and HITRUST. The workshop equips your team with the knowledge and skills to configure and manage safeguards effectively. This may involve customizing safeguard settings to perfectly align with your organization’s security policies and unique compliance requirements. Additionally, the workshop provides insights into utilizing ClearDATA’s reporting tools to monitor safeguard activity and identify potential security issues flagged by the safeguards.
Ongoing Safeguard & Control Workshops
Recognizing the ever-changing threat landscape and evolving compliance regulations, the designated compliance engineer will host ongoing workshops focused on ensuring the latest updates to ClearDATA automated safeguards are enabled. This ensures that your safeguard configurations for your cloud resources remain effective in the face of a dynamic threat and compliance landscape.
Detect & Analyze
Continuous Monitoring
The CyberHealth™ Platform assigns a compliance score to each of your cloud resources. This score reflects the resource’s alignment with relevant standards/frameworks (e.g., HIPAA). ClearDATA Advanced monitors these scores and prioritizes alerts associated with significant drops or deviations in compliance scores.
Alert Triage & Analysis
The designated compliance engineer reviews security alerts triggered by the CyberHealth™ Platform. These alerts include details about the triggered security control, the affected resource(s), and potential remediation steps. The engineer leverages their expertise and understanding of your environment to analyze the alerts, determine their severity, and identify potential security risks. This analysis includes monitoring for configuration changes that could introduce security vulnerabilities or cause your compliance posture to drift.
Customer Notification & Communication
The designated compliance engineer will promptly notify your designated personnel upon detection of a high-priority security alert. They will work with your team to understand the situation, analyze the alert details provided by the CyberHealth™ Platform, and develop a comprehensive remediation plan.
Respond & Recover
Remediation Guidance
ClearDATA Advanced offers detailed explanations of the compliance controls within the CyberHealth™ Platform, clarifying their purpose, importance, and how they contribute to overall cloud security and compliance. The designated cloud compliance engineer will assist in interpreting the data and reports generated by the CyberHealth™ Platform, providing actionable insights and recommendations to improve and maintain security and compliance posture.
Report
Scheduled Compliance & Posture Reviews
ClearDATA Advanced offers optional scheduled compliance and posture reviews. These in-depth assessments provide a deeper evaluation of your cloud environment’s alignment with your security policies and relevant standards. You can customize the frequency and focus of the reviews to meet your specific needs. The designated compliance engineer will collaborate with you to define the scope and ensure it aligns with your security goals.
Security & Compliance Audit Support
ClearDATA Advanced provides audit support for HIPAA and HITRUST in the form of our standard response. ClearDATA responds to audits and inquiries about ClearDATA’s internal operations, including those required by HIPAA, as part of the obligations as a business associate to provide satisfactory assurances or as otherwise contractually and legally required.
The designated compliance engineer will provide explicitly requested evidence or artifacts that help support or otherwise demonstrate satisfactory security and compliance assurances on covered services supported by ClearDATA’s platform or for business functions that are captured in the CyberHealth™ Platform only.
© ClearDATA Networks, Inc. 2024
Revision Date August 2024