The Healthy.io Secure System Development Life Cycle (Secure SDLC) incorporates industry best practices that include formal design reviews by the Healthy.io Security Team, threat modeling, code reviews, and completion of a risk assessment. In alignment with ISO/IEC 27001:2013 standard, Healthy.io has established formal policies and procedures to delineate the minimum requirements for logical access to Healthy.io resources. Healthy.io limits access to source code to authorized personnel. Where feasible, it maintains source code in a separate project or repository for independent projects. Healthy.io grants access to its employees only to those projects or repositories to which they need access to perform their duties. The source code repository enforces control over changes to source code by requiring a review from designated reviewers before accepting a new code or code changes. It maintains an audit log detailing modifications to the source code.
Healthy.io HITRUST and ISO reports outline the controls in place to manage access provisioning to Healthy.io resources. It scans Source code builds for malware before the production release. Healthy.io has procedures to manage new development of resources.
Refer to ISO/IEC 27001:2013 standard, Annex A, domain 14 for additional details. An independent auditor has validated and certified that Healthy.io aligns with ISO/IEC 27001:2013 certification standards. Healthy.io communicates its security and control environment to customers through industry certifications and third-party attestations, white papers, and provision of certifications, reports, and other relevant documentation directly to Healthy.io customers.