Vulnerability Management

2025.04.16

Policy Statements

ClearHealth policy requires that:

(a) All production systems must be scanned for vulnerabilities, at least, quarterly and with each major change.

(b) All vulnerability findings must be reported and tracked through resolution. Records of findings must be retained for at least seven years.

(c) All applications that convey critical or sensitive information must follow the security guidelines on the CHS Confluence page, Software Architecture, & Security to prevent vulnerabilities and follow the defined testing protocol.