Policy Documents
Overview
The Policy Documents feature allows organizations to store compliance documents and access other compliance resources. Users may access resources such as the AWS BAA, SOC Reports, Incident Reporting Documents. Included in this functionality is the ability to upload executed business associates’ agreements (BAA) and compliance documents. This feature is available on Dash Version 1.7.0 and later.
Compliance Resources
AWS Business Associates’ Addendum – The Amazon Web Services Business Associates Addendum defines compliance responsibilities and physical protections provided by AWS. Organizations are required to complete this document to store PHI on AWS.
Navigate to the Documents page in the Policy Center and Click on the “View BAA” Button.
You may be prompted to login to your AWS account. Login with your credentials.
Once you are at the AWS Artifacts screen, you may go to the AWS Business Associates’ Addendum
AWS SOC 1, SOC 2, and SOC 3 Reports – Amazon Web Services independent third-party examinations for SOC 1, SOC 2, and SOC 3 reports. Organizations may receive requests for SOC reports and can access these documents here.
Navigate to the Documents page in the Policy Center and Click on the “View BAA” Button.
You may be prompted to login to your AWS account. Login with your credentials.
Once you are at the AWS Artifacts screen, you may scroll to SOC 1, SOC 2, and SOC 3 Reports.
Business Associates Agreement (BAA) Template – Your organization may enter into a business associates’ agreement (BAA) with Business Associates (BAs) Covered Entities (CEs). Click the “Download BAA Template” to download the provided BAA template as a starting point for drafting and executing a BAA.
Incident Documents – In case of a security event or a potential security breach, documents are available for handling the incident response process. You can access the documents related to the Incident Response Policy by clicking the “View Incident Documents” button.
Uploading Business Associates’ Agreements
When working with Business Associates (BAs) or Covered Entities (CEs) your organization will sign and execute business associates’ agreement outlining how protected health information (PHI) will be handled.
To keep track of vendor or customer BAA agreements. We recommend that organization uploads all executed and valid BAA documents to the Documents page in Dash.
To upload a BAA document:
Login to Dash and go to the Documents page under the Policy Center.
Click the “Upload Executed BAA” Button above the Executed Business Associates’ Agreements
3. Upload your BAA file and enter the name of the organization the agreement is with in the Organization Name field.
Uploading Other Compliance Documents
As your organization completes compliance activities, you may have other compliance documents such as risk assessments, penetration tests, certifications, or other files that you may want to store and track. The “Other Documents” section of the Documents page is a good place to store these files.
We recommend that you do not upload files or logs containing protected health information (PHI) in these sections.
To upload a compliance document:
Login to Dash and go to the Documents page under the Policy Center.
Click the “Upload Other Document” Button above the Other Documents
3. Upload your compliance file, your name for the file (IE. “Risk Assessment 7-1-19”) and the file-type (IE. PDF, DOC, etc).
Deleting Compliance Documents
As business relationships change, or compliance processes change you may want to remove specific BAA documents or compliance documents. You can remove individual documents by following these actions:
Go to the Documents page under the Policy Center.
Click the “X” Button from the BAA or Compliance Document you want to remove from Dash.
Click “Yes” to confirm deletion of the compliance document from Dash. You can cancel this deletion by clicking “No”.