Privacy Policy

What follows is the Walking Doctors (WD) data management policy, applied to all projects pursued independently or in partnership.

Reliability Practices

• Data must be stored in at least two geographically distinct data centers and must remain durable if one of the data centers becomes unavailable for any reason.

• Every data processing subsystem must be composed of multiple individual resources located in at least two geographically distinct data centers. Such subsystems must be designed to survive the unavailability of a single data center.

• Network connections into Walking Doctors (WD) systems should terminate as close to the end user as possible.

• Customer data must be separated such that the data resources for each customer can be operated independently of those of other customers.

Security Practices

• All data must be encrypted both in transit and at rest.

• All cloud systems involved in data processing must be configured in accordance with the Cloud Security Policy.

• Customer and staff logins to our applications use cryptographically signed, expiring access tokens that can be revoked.

• Customer passwords must be evaluated on the basis of an estimated password strength of “Safely Unguessable” as determined by the Zxcvbn password strength estimation algorithm.

• Employee and contractor passwords must be evaluated on the basis of an estimated password strength of “Very Unguessable” as determined by the Zxcvbn password strength estimation algorithm.

• Where possible, medical data must be cryptographically signed by the user who last updated it.

• We employ automatic systems for the detection, notification and remediation of software vulnerabilities, as well as manual review of system changes.

Privacy Practices

• Access to care-receiver data is not granted to customer users by default; it must be granted explicitly by a customer user with administrative privileges.

• Employee and contractor system access must be granted and reviewed in accordance with the Access Control Policy.

• Access to care-receiver data by Walking Doctors employees and contractors is granted on a least-authority basis. By default, only the CEO, CTO and senior members of the Operations team have access to care-receiver data, and only for the purposes of system monitoring and maintenance.

Walking Doctors Cloud Security Policy

The following guidelines apply to all use of AWS and similar cloud computing resources. If a service lacks the capabilities referenced here, a revision of this policy must be approved before the service is integrated.

• Data, medical or otherwise, must be housed and processed in an isolated network (a VPC or similar). IaaS vendors must provide a comparable environment with the capability of a private bridge or link to a Walking Doctors VPC.

• All root credentials to cloud resources must be stored encrypted in the Core Infrastructure section of our password management system. Access to these credentials is subject to our Access Control Policy.

• All non-root credentials must be granted on the principle of least authority and reviewed in accordance with our Access Control Policy.

• Application access to managed resources must be managed on the principle of least authority. Application security roles and policies must confer the least amount of access necessary to function.

• Where possible, application roles should be broken up by function, with specific roles and policies developed to provide minimal access for each application role.

• Where offered by cloud providers, features that log API usage should be turned on and should log to a location inaccessible to non-root credentials.

• Cloud resource management must use separate accounts for separate environments (for example, production VPCs must be created in production cloud provider accounts that are separated from staging and development). This simplifies credential management and improves the ability of security personnel to reason about risk.

Walking Doctors Access Control Policy

Walking Doctors takes a “least access” approach to access control. In addition, we implement the following policies:

• All Walking Doctors employees and contractors are required to have discrete credentials that are not shared with any other individual or group.

• Employees and contractors of Walking Doctors are only provided access to the minimum resources necessary to complete their required responsibilities.

• When possible, sample, anonymized or synthetic data sets are used instead of giving access to secure PII.

• Access to PII or other secure information can only be approved by the CEO, CTO, or COO.

• Credentials and access are removed immediately upon termination of an employee or contractor, or prior to termination when possible.

• Access to critical resources is logged.

• Security assignments and information access rights are reviewed monthly.

• Default accounts are deactivated upon provisioning of a new system or software component.

• System accounts are secured upon provisioning of a new system or software component.

• No user will be provided administrative access to systems or data unless it is necessary to complete their job responsibilities.

• Employees may only access information systems using approved work devices.