Facility Access and Physical Security

2020.1

Changineers is a remote-first company and has no physical offices for workers. When necessary, Changineers uses a rented office for in-person meetings but no information is stored on the premesis.

Changineers and its Subcontractors have no physical access to the AWS Cloud data centers, in accordance to the HIPAA Security Rule 164.310 and its implementation specifications.

Controls and Procedures

Physical Security

• Workstation Security

  • Workstations may only be accessed and utilized by authorized workforce members to complete assigned job/contract responsibilities.
  • All workforce members are required to monitor workstations and report unauthorized users and/or unauthorized attempts to access systems/applications as per the System Access Policy.
  • All workstations purchased by Changineers are the property of Changineers and are distributed to users by the company.

Data Center Security

Physical security of data centers is ensured by the cloud infrastructure service provided, AWS. manages no physical infrastructure or data centers.

Clean Desk Policy and Procedures

Employees must secure all sensitive/confidential information in their workspace at the conclusion of the work day and when away from their workspace. This includes both electronic and physical information such as:

• computer workstations, laptops, and tablets
• removable storage devices including CDs, DVDs, USB drives, and external hard drives
• printed materials

Computer workstations/laptops must be locked (password protected) when physically unattended. Portable devices such as laptops and tablets should be taken home at the conclusion of the work day.

Removable storage devices and printed documents must be treated as sensitive material and locked in a drawer or similar when not in use. Printed materials must be immediately removed from printers or fax machines. Passwords must not be written down or stored physically.