Responsible Disclosure Policy
This Responsible Disclosure Policy supports the corporate goals of Smile CDR (the company) and is intended to provide staff, partners, the open source community and clients with clear information on the information security practices and objectives.
Information management is an essential part of good IT governance, which in turn is a cornerstone of corporate governance. An integral part of IT governance is information security, in particular as it pertains to personal information.
The company is committed to taking a proactive approach to security in all of its offerings (including HAPI FHIR) and as such will provide the necessary resources to protect all its assets appropriately.
The policies, standards, and processes that support the Information Security Policy will be developed and maintained to ensure that contractual obligations and legislative requirements are met and that best practices are adhered to. Wherever possible the ISO 27001/27002 standards will be incorporated.
This policy is intended for all staff, clients, OSS contributors, the general public and entities acting on behalf of Smile CDR.
1.3 Review of Information Security Policy
All policies, including the Information Security Policy, must be reviewed at least annually by the Chief Privacy and Security Officer.
The review date must be documented and signed off by the Chief Privacy and Security Officer.
All revisions must follow the Smile CDR policy review process and have the approval of the Chief Executive Officer.
1.4 Revision History
| Revision | Date | Record of Changes | Reviewed By | Approved By |
|---|---|---|---|---|
| 0.1 | 2021/05/11 | Initial Draft | Luis de Barros & James Agnew | |
| 1.0 | 2021/05/17 | Removed comments | Luis de Barros | Duncan Weatherston |
The information presented in this policy is considered public as it is intended to be shared with external users and stakeholders.