| layout |
|---|
default |
Health Note manages and documents all changes to production systems and networks within JIRA, the project management and issue tracking system.
- 06 - Configuration Management
- 164.310(a)(2)(iii) Access Control & Validation Procedures
- No systems are deployed into Health Note environments without approval of the Health Note CTO or Head of Engineering or designee.
- All changes to production systems, network devices, and firewalls are approved by the Health Note CTO or Head of Engineering or designee before they are implemented to assure they comply with business and security requirements.
- All changes to production systems are tested before they are implemented in production.
- Implementation of approved changes are only performed by authorized personnel.
- An up-to-date inventory of systems is maintained using Google spreadsheets and architecture diagrams hosted on Google Apps. All systems are categorized as production and utility to differentiate based on criticality.
- All frontend functionality (developer dashboards and portals) is separated from backend (database and app servers) systems by being deployed on separate servers or containers.
- All committed code is reviewed using pull requests to assure software code quality and proactively detect potential security issues in development.
- Health Note utilizes development and staging environments that mirror production to assure proper function.
- Clocks are continuously synchronized to an authoritative source across all systems using NTP or a platform-specific equivalent. Modifying time data on systems is restricted.
| Revision Date | Revision Description | Notes |
|---|---|---|
| 4/18/2019 | Initial | Initial |
| 4/14/2020 | Reviewed | No changes |
| 3/29/2021 | Reviewed | No changes |
| 2/24/2022 | Reviewed | No changes |
| 4/10/2023 | Reviewed | No changes |
| 5/02/2024 | Updated | General updates |