Safeguards to Protect Your Information
Accerta, as an organization, takes the secure life cycle management of both Personal Information (PI) and Personal Health Information (PHI) very seriously. Accerta recognizes that the safeguarding of its organization’s information assets, as well as that of its plan sponsors and clients is critical to its business operations. Accerta is committed to its privacy protection practices and has earned the trust and confidence of its stakeholders. The privacy and security practices that have been implemented as an organization go beyond those laid out in statutory requirements, regulatory obligations and contractual service commitments.
The Accerta privacy and security program leverages proactive and detective mechanisms to support the identification and remediation of information risk through a well-defined security governance, policy and control framework. Policy documents which support the Accerta security program are based on industry standards and developed with attention to guidelines such as ISO 27001, the Government of Ontario Information and Technology Standards (GO-ITS) and those provided by the office of the Information and Privacy Commissioner of Ontario.
Security controls are operationalized at Accerta through some of the following physical, technical and administrative controls:
The Accerta facility restricts access to personnel at entry to the premises and other internal zones.
Visitors and third party vendors to Accerta facilities are required sign in and out, must be escorted while on the premises.
Secure disposal is required for paper document copies, systems or hardware containing PI/PHI which is no longer required and/or is decommissioned.
All systems and applications that store PI/PHI managed by Accerta, reside within secure Data Centres in Canada.
Audit logs are maintained to record user activities and system administrator’s activities.
Desktop and network passwords are required and refreshed for all employees and system administrators in accordance with the Accerta Information Security Policy.
Encryption technology is utilized in accordance with industry best practice to reduce risk of unauthorized access to information assets.
Network traffic is monitored and managed using to proactively detective technology to allow to timely response to security events.
Periodic review of system vulnerabilities through testing of technical configurations, patches, and operational security practices.
All personnel and representatives of Accerta are required to sign confidentiality agreements and undergo criminal background screening.
Access to PI or PHI, is restricted to personnel based on their defined role; personnel are prohibited from using or disclosing such information for any secondary purposes.
A breach and incident notification procedure has been documented and communicated to all staff, service providers and contractors requiring the prompt reporting and notification of any privacy or security matters to the Accerta Privacy & Security Office for investigation.
Onboarding and termination procedures include privacy and security controls.