Shared Responsibilities
Clinical Branches Shared Responsibilities Model
What are the shared responsibilities for Clinical Branches?
This model outlines the division of responsibilities between Kraken Coding and our customers in maintaining the security and functionality of the Clinical Branches platform.
Green dots signify the responsibility of either Kraken Coding or the Customer
Responsibility
Kraken Coding
Customer
Infrastructure Security
Kraken Coding maintains and secures the physical and virtual infrastructure hosting the application, including firewalls, intrusion detection/prevention systems, and regular security patching.
Platform Security
Kraken Coding secures the operating systems, databases, and middleware components, implementing platform-level access controls and regularly updating all platform components.
Application Security
Kraken Coding implements secure coding practices, conducts regular code reviews and security testing, and maintains application-level access controls and authentication mechanisms.
Data Encryption
Kraken Coding implements and maintains encryption for data in transit and at rest, securely manages encryption keys, and ensures proper encryption of backups and data exports.
Access Control Management
Kraken Coding provides the access control management system, while customers are responsible for assigning and managing system administrators within their organization and setting appropriate user access levels.
User Authentication
Kraken Coding implements and maintains the authentication system, while customers are responsible for ensuring that only authorized employees have active accounts and enforcing strong authentication practices.
Data Backup and Recovery
Kraken Coding implements and maintains a comprehensive backup strategy, performs regular backups, and conducts disaster recovery drills to ensure data integrity and availability.
Incident Response and Management
Kraken Coding maintains an incident response plan and 24/7 incident response service, while customers are responsible for promptly reporting any suspected security incidents and cooperating during investigations.
Compliance with Data Protection Regulations
Kraken Coding ensures platform compliance with relevant regulations, while customers are responsible for ensuring their use of the platform complies with applicable regulations and obtaining necessary consents from data subjects.
Staff Training on Security Practices
Kraken Coding provides security awareness training for its staff and offers guidance on security best practices, while customers are responsible for ensuring their staff complete required training and understand security policies.
Clinical Content Development
Kraken Coding develops and maintains core clinical content, while customers can develop custom clinical content as needed for their specific requirements, ensuring adherence to relevant clinical standards.
Clinical Content Approval
Kraken Coding implements a rigorous approval process for core clinical content, while customers are responsible for implementing internal approval processes for their custom content and managing content subscriptions.
Regular Security Assessments
Kraken Coding conducts regular internal and third-party security assessments, including penetration testing and vulnerability scans, to ensure the ongoing security of the platform.
Vulnerability Management
Kraken Coding implements a comprehensive vulnerability management program, regularly scanning all system components and prioritizing remediation based on severity and potential impact.
Patch Management
Kraken Coding maintains a comprehensive patch management process, regularly reviewing and applying security patches to all system components after appropriate testing.
Business Continuity Planning
Kraken Coding develops and maintains a comprehensive Business Continuity Plan (BCP) for the platform, while customers are responsible for developing internal BCPs that integrate with Kraken Coding's platform BCP.
Disaster Recovery
Kraken Coding develops, maintains, and regularly tests a comprehensive Disaster Recovery (DR) plan, ensuring geographically dispersed backup locations and clear communication during DR events.
Data Retention and Disposal
Kraken Coding implements data retention policies and secure disposal methods, while customers are responsible for defining internal data retention policies and ensuring compliance with relevant regulations.
Third-party Risk Management
Kraken Coding maintains a comprehensive third-party risk management program, while customers are responsible for notifying Kraken Coding of any third-party integrations they implement that interact with the platform.
Audit Logging and Monitoring
Kraken Coding implements comprehensive audit logging and real-time monitoring across all system components, while customers are responsible for promptly reporting any suspicious activities identified in audit logs.
Change Management
Kraken Coding maintains a comprehensive change management process, while customers are responsible for implementing internal change management processes for customer-managed aspects of the platform and reviewing change notifications.
Detailed Responsibilities
For a detailed breakdown of each responsibility, please refer to our full Shared Responsibilities Model document. If you have any questions about these responsibilities, please don't hesitate to contact us.
Contact
Contact Us
Mailing Address
PO Box 40431 Casuarina NT 0811
Email Us
info@krakencoding.com
Call Us
(08) 7918 5085