Healthy.io has identified auditable event categories across systems and devices within the Healthy.io system. Service teams configure the auditing features to continuously record the security-related events in accordance with requirements.
The log storage system is based on the Google Cloud Platform (GCP) and designed to provide a highly scalable, highly available service that automatically increases capacity as the ensuing need for log storage grows. The company monitors and audits all accesses to the log and monitor systems. Audit records contain a set of data elements in order to support necessary analysis requirements. In addition, audit records are available for the Healthy.io security team or other appropriate teams to perform inspection or analysis on demand and in response to security-related or business-impacting events.
Designated personnel on Healthy.io teams receive automated alerts in the event of an audit processing failure. Audit processing failures include, for example, software/hardware errors. When alerted, on-call personnel issue a trouble ticket and track the event until they resolve it.
Independent third-party auditors review Healthy.io’s logging and monitoring processes for continued compliance with HITRUST and ISO/IEC 27001:2013.