Security Architecture and Operating Model

2025.04.16

In the digital age, cyber attacks are inevitable. At ClearHealth, we are taking a “zero trust” and “minimal infrastructure” approach to managing risk and information security.

This document describes our guiding principles and aspirations in managing risk and the building blocks of our security model.

Policy Statements

ClearHealth policy requires that:

(a) ClearHealth’s security program and operations should be designed and implemented with the following objectives and best practices:

• data-centric, cloud-first
• assume compromise, therefore never trust, and always verify
• apply controls using least-privilege and defense-in-depth principles
• avoid single point of compromise
• automate whenever possible, the simpler the better; less is more
• prompt self management and reward good behaviors

(b) Security shall remain a top priority in all aspects of ClearHealth’s business operations and product development.