Certificate Practice Statement Policy
Version 1.0.3
Last Updated 2023-11-13
APPROVED
1. Overview
This Certificate Practice Statement (CPS) Policy outlines the practices and
procedures followed by AccuCode AI Inc. in the issuance, management, revocation,
and renewal of digital certificates. This policy is in accordance with the
requirements of the AccuCode AI Certificate Policy (CP) and the AccuCode AI
Public Key Infrastructure (PKI).
2. Purpose
The purpose of this policy is to ensure that the AccuCode AI PKI is operated in
a secure, trustworthy, and consistent manner, and that all parties involved in
the PKI have a clear understanding of their roles and responsibilities.
3. Scope
This policy applies to all digital certificates issued by the AccuCode AI PKI,
including those used for authentication, encryption, and digital signatures.
This policy also applies to all AccuCode AI employees, contractors, and third
parties involved in the operation of the PKI.
4. Policy
4.1 Certificate Issuance
All digital certificates issued by the AccuCode AI PKI shall be issued in
accordance with the AccuCode AI Certificate Policy and the requirements of this
CPS. The issuance of certificates shall be performed by authorized AccuCode AI
personnel only.
4.2 Certificate Lifecycle Management
The AccuCode AI PKI shall maintain a system for the management of certificate
lifecycles, including issuance, revocation, and renewal. This system shall be
operated in accordance with the requirements of the AccuCode AI Certificate
Policy and industry best practices.
4.3 Key Management
The AccuCode AI PKI shall maintain a secure system for the management of
cryptographic keys, including key generation, distribution, storage, and
destruction. All keys shall be generated and stored using Azure Key Vault, which
is SOC-II compliant.
4.4 Certificate Revocation
The AccuCode AI PKI shall maintain a system for the revocation of digital
certificates in accordance with the AccuCode AI Certificate Policy. Revocation
requests shall be processed promptly and in accordance with industry best
practices.
4.5 Certificate Renewal
The AccuCode AI PKI shall maintain a system for the renewal of digital
certificates in accordance with the AccuCode AI Certificate Policy. Renewal
requests shall be processed promptly and in accordance with industry best
practices.
4.6 Audit and Compliance
The AccuCode AI PKI shall be subject to regular audits to ensure compliance with
the AccuCode AI Certificate Policy, this CPS, and industry best practices. Audit
results shall be reviewed by the InfoSec team and any necessary corrective
actions shall be taken promptly.
5. Roles and Responsibilities
5.1 PKI Manager
The PKI Manager is responsible for the overall operation and management of the
AccuCode AI PKI, including ensuring compliance with the AccuCode AI Certificate
Policy and this CPS.
5.2 PKI Administrators
PKI Administrators are responsible for the day-to-day operation of the AccuCode
AI PKI, including certificate issuance, revocation, and renewal.
5.3 InfoSec Team
The InfoSec team is responsible for reviewing audit results and ensuring that
any necessary corrective actions are taken promptly.
6. Policy Compliance
6.1 Compliance Measurement
The InfoSec team will verify compliance with this policy through various methods,
including but not limited to periodic audits, business tool reports, and
internal and external feedback to the policy owner.
6.2 Exceptions
Any exception to the policy must be approved by the InfoSec team in advance.
6.3 Non-Compliance
An employee found to have violated this policy may be subject to disciplinary
action, up to and including termination of employment.