ClearDATA Managed Services – Advanced

Service Description Overview

ClearDATA Advanced is a managed services offering that provides configuration management assistance and continuous monitoring for the ClearDATA CyberHealth™ Platform (CHP) across AWS, Azure, and GCP public cloud platforms.

This service guides customers through selecting, implementing, and maintaining critical cloud security and compliance technical controls that will reduce the likelihood of experiencing a highly impactful cyber security incident or breach due to the misconfiguration of a cloud native service.

Shared Responsibility Model

The ClearDATA Advanced RACI defines the shared responsibilities of ClearDATA and the Customer. You can access the RACI here: https://cleardata.document360.io/docs/raci.

Service Scope

The following sections describe the scope of each Service component and element. If you have requirements outside the scope of this Service Description, please contact ClearDATA Support to arrange a Professional Services consultation.

Service Components of ClearDATA Advanced

Service components and elements of ClearDATA Advanced include:

Service Component | Element
Prepare | CyberHealth™ Platform Onboarding
Prepare | Safeguard & Control Configuration Workshops
Detect & Analyze | Continuous Monitoring
Detect & Analyze | Alert Triage & Analysis
Detect & Analyze | Customer Notification & Communication
Respond & Recover | Remediation Guidance
Report | Scheduled Compliance & Posture Reviews
Report | Security & Compliance Audit Support

Prepare

CyberHealth™ Platform Onboarding

The ClearDATA Advanced onboarding program is designed to provide a smooth and efficient transition for healthcare organizations adopting the CyberHealth™ Platform. This program focuses on understanding your specific cloud environment, security requirements, and compliance goals.

Designated Cloud Compliance Engineer

ClearDATA Advanced provides a designated cloud compliance engineer to your organization. This engineer will serve as your primary point of contact throughout the partnership, providing expert guidance, ensuring a seamless transition to the CyberHealth™ Platform, and providing ongoing monitoring.

Collaborative Needs Assessment

A collaborative needs assessment will be conducted by the designated cloud compliance engineer to understand your cloud environment and compliance goals. This in-depth session will involve workshops and interviews with your team to gather detailed information about your cloud infrastructure, security posture, and relevant compliance regulations. This collaborative approach ensures the onboarding process is tailored to your unique needs and addresses your specific security concerns.

Comprehensive Inventory and Risk Assessment

The CyberHealth™ Platform will conduct a comprehensive inventory of your cloud resources, with a particular focus on PHI-containing data. This initial assessment will identify potential security risks and lay the groundwork for ongoing security posture management.

Safeguard & Control Configuration Workshops

Initial Safeguard & Control Workshop

This comprehensive session dives into the technical details of ClearDATA’s automated safeguards. Participants will gain a clear understanding of how these safeguards map to specific compliance controls, such as those outlined in HIPAA and HITRUST. The workshop equips your team with the knowledge and skills to configure and manage safeguards effectively. This may involve customizing safeguard settings to perfectly align with your organization’s security policies and unique compliance requirements. Additionally, the workshop provides insights into utilizing ClearDATA’s reporting tools to monitor safeguard activity and identify potential security issues flagged by the safeguards.

Ongoing Safeguard & Control Workshops

Recognizing the ever-changing threat landscape and evolving compliance regulations, the designated compliance engineer will host ongoing workshops focused on ensuring the latest updates to ClearDATA automated safeguards are enabled. This ensures that your safeguard configurations for your cloud resources remain effective in the face of a dynamic threat and compliance landscape.

Detect & Analyze

Continuous Monitoring

The CyberHealth™ Platform assigns a compliance score to each of your cloud resources. This score reflects the resource’s alignment with relevant standards/frameworks (e.g., HIPAA). ClearDATA Advanced monitors these scores and prioritizes alerts associated with significant drops or deviations in compliance scores.

Alert Triage & Analysis

The designated compliance engineer reviews security alerts triggered by the CyberHealth™ Platform. These alerts include details about the triggered security control, the affected resource(s), and potential remediation steps. The engineer leverages their expertise and understanding of your environment to analyze the alerts, determine their severity, and identify potential security risks. This analysis includes monitoring for configuration changes that could introduce security vulnerabilities or cause your compliance posture to drift.

Customer Notification & Communication

The designated compliance engineer will promptly notify your designated personnel upon detection of a high-priority security alert. They will work with your team to understand the situation, analyze the alert details provided by CyberHealth™ Platform, and develop a comprehensive remediation plan.

Respond & Recover

Remediation Guidance

ClearDATA Advanced offers detailed explanations of the compliance controls within the CyberHealth™ Platform, clarifying their purpose, importance, and how they contribute to overall cloud security and compliance. The designated cloud compliance engineer will assist in interpreting the data and reports generated by the CyberHealth™ Platform, providing actionable insights and recommendations to improve and maintain security and compliance posture.

Report

Scheduled Compliance & Posture Reviews

ClearDATA Advanced offers optional scheduled compliance and posture reviews. These in-depth assessments provide a deeper evaluation of your cloud environment’s alignment with your security policies and relevant standards. You can customize the frequency and focus of the reviews to meet your specific needs. The designated compliance engineer will collaborate with you to define the scope and ensure it aligns with your security goals.

Security & Compliance Audit Support

ClearDATA Advanced provides audit support for HIPAA and HITRUST in the form of our standard response. ClearDATA responds to audits and inquiries about ClearDATA’s internal operations, including those required by HIPAA, as part of the obligations as a business associate to provide satisfactory assurances or as otherwise contractually and legally required.

The designated compliance engineer will provide explicitly requested evidence or artifacts that help support or otherwise demonstrate satisfactory security and compliance assurances on covered services supported by ClearDATA’s platform or for business functions that are captured in the CyberHealth™ Platform only.

 

© ClearDATA Networks, Inc. 2024

Revision Date August 2024