Policy Management

2020.1

Changineers implements policies and procedures to maintain compliance and integrity of data. The Security Officer and Privacy Officer are responsible for maintaining policies and procedures and assuring all Changineers workforce members, business associates, customers, and partners are adherent to all applicable policies. Previous versions of policies are retained to assure ease of finding policies at specific historic dates in time.

Policy Statements

Changineers policy requires that:

(a) Changineers policies must be developed and maintained to meet all applicable
compliance requirements, such as HIPAA, PCI, and SOC 2, and adhere to security best practices.

(b) All policies must be reviewed at least annually.

(c) All policy changes must be approved by Changineers Security Officer. Additionally,

• Major changes may require approval by Changineers CEO or designee;
• Changes to policies and procedures related to product development may require approval by the Head of Engineering.

(d) All policy documents must be maintained with version control, and previous versions must be retained for a minimum of seven years.

(e) Policy exceptions are handled on a case-by-case basis.

• All exceptions must be fully documented with business purpose and reasons why the policy requirement cannot be met.
• All policy exceptions must be approved by both Changineers Security Officer and COO.
• An exception must have an expiration date no longer than one year from date of exception approval and it must be reviewed and re-evaluated on or before the expiration date.