An audit and compliance program is in place to ensure that the organization operates according to applicable laws, regulations, policies, and standards. This includes conducting internal and external audits to assess compliance, identifying areas of non-compliance, identifying opportunities for improvement, implementing corrective actions, and reporting to relevant stakeholders. The goal is to ensure the organization optimizes security, operates ethically and legally, and mitigates the risk of non-compliance.
The organization performs a business impact analysis (BIA) to assess the potential consequences of disruptions to critical business operations resulting from events such as natural disasters, cyber-attacks, or other incidents. The BIA identifies and evaluates critical business functions and processes that may be affected by disruptions, including financial stability, reputation, customer service, and compliance with legal and regulatory requirements. Results from the BIA feed into risk assessment activities as well as incident response, business continuity, and disaster recovery planning.
The organization has established a risk management policy that outlines the process for identifying, assessing, and prioritizing potential threats. This policy aims to ensure the confidentiality, integrity, and availability of information assets, considering the organization’s risk tolerance, business objectives, and available resources. It encompasses continuous monitoring, assessment, and evaluation of potential risks, as well as the implementation of risk mitigation measures to minimize the impact of security incidents and prevent data loss, theft, or damage.
The organization conducts risk assessments to evaluate potential risks associated with specific activities, projects, or situations. This systematic process involves analyzing weaknesses and threats to determine their likelihood and potential impact, ultimately identifying suitable measures to mitigate or manage risks to an acceptable level.
The organization has implemented a risk management program to identify, assess, and mitigate threats to the organization and maintain an acceptable risk level. It involves identifying potential risks, evaluating their impact, implementing strategies to reduce risk, and monitoring and adapting the program over time.