FlowTrack is committed to protecting its employees, partners, clients/customers and the company itself from damaging acts either malicious or unintentional in nature. This includes implementation of policies, standards, controls and procedures to ensure the Confidentiality, Integrity, and Availability of systems and data according to their risk level.
The FlowTrack security program and policies are developed on the principles that (1) security is everyone's responsibility and (2) self-management is best encouraged by rewarding the right behaviors.
FlowTrack has developed a security program and implemented controls to meet and exceed all compliance requirements, including but not limited to HIPAA, PCI, NIST, and other applicable industry best practices. SOC 2 Common Criteria (Trust Services Criteria) Certification is on our road map and many of SOC 2 principals have been implemented by designing and operating effective controls.
On a high level, FlowTrack’s information security program covers:
The information security program and its policies and procedures cover all FlowTrack workforce members, including full-time and part-time employees in all job roles, temporary staff, contractors and subcontractors, volunteers, interns, managers, executives employees, and third parties. For ease of reading these policies all the above workforce members may be refered to solely as 'workers', 'employees', or 'workforce' which shall mean any and all of the above and not representitive of the workforce members legal lable and/or classification.
The information security program is managed by security and compliance personnel, using AWS and Internal Processes/Tools as a GRC platform.
Policies are written in individual documents, each pertaining to a specific domain of concern.
Each document starts with the current version number and/or last updated date, followed by a brief summary. The remaining of the document is structured to contain two main sections:
All policy documents are maintained, reviewed, updated and approved following standards and procedures outlined in Policy Management.
The information security program, policies, procedures and controls are reviewed on a regular basis internally by cross functional team members and/or externally by qualified assessors.
Fincosa LLC, 220 Calle Manuel Domenech #2012, San Juan, PR, 00918, USA