Terms of Service
STATEMENT OF COMMITMENT
iMedhealth is committed to being a resilient organization that operates efficiently, with minimal disruption. The programs that support this commitment enable our company to better anticipate disruptions, adapt to events, and provide reliable service. iMedhealth has invested in this area by incorporating enterprise risk management into our decision-making processes and developing a business continuity program (BCP) that minimizes identified risks. Institutionalizing a risk-based crisis management and continuity program to prepare for, respond to, and recover from disruptive events supports our commitment. Most importantly, organizational resiliency enables iMedhealthto honor our commitment to our team members and clients to be the best custom software development company.
The following individuals are designated plan coordinators for their respective departments and are responsible for the execution of this plan in a qualified disaster.
|DR. UMER KHAN||CEOemail@example.com|
|IRFAN MALIK||COO||+92 345 firstname.lastname@example.org|
|ASIM BUTT||CTO||+92 321 email@example.com|
|AYAZ QAISER||VP of Operations||+92 321 firstname.lastname@example.org|
|AHMED SULTAN MIRZA||VP of Business Development||+92 322 email@example.com|
This policy is intended to ensure:
- The concept of Business Continuity and our policy and approach is understood by all stakeholders.
- Internal and external dependencies on clients, suppliers, partners and resources implications are identified.
- Plans are developed to ensure recovery continuity is assured to an acceptable level in the event of an interruption to services.
- Plans are systematically maintained and tested.
- A training and communication plan is put in place.
- The iMedhealthRecovery Time Objective (RTO) is 24 hours. iMedhealthwould expect to provide 24 hour or less recovery time in the event of a disaster causing a long lived power or network failure in any of our facilities. People will relocate to their homes to work from there and will bring their computers home if needed. iMedhealthalready has a work from home policy in place in Bulgaria that establishes this option and policies for controlling QSD028 - Remote Network Access, QSD030 - Network Security and QSD026 - Virtual Private Network Policy
- The Recovery Point Objective (RPO) is to resume product development, testing, and production support activities. The RPO for clients is to be able to resume normal operations for project management, development and testing staff within the agreed to RTO. Other less business critical functions such as invoicing may take longer to resume.
The objectives of business continuity planning are to ensure that iMedhealth:
- Understands its critical activities and maintains the capability to resume operations within agreed timeframes, following the deployment of a contingency planning response.
- Increases resilience by protecting critical assets and data (electronic and otherwise) through a coordinated approach to management and recovery.
- Minimizes impacts using a focused, well-managed response activity.
The previously identified Business Continuity Team will act with the utmost attention of ensuring the security, privacy and business continuity. They will conduct an employee briefing relaying pertinent details of what happened, what business operations were affected and the plan for recovery. Additional notifications will be made to:
- Off-duty team members about work status
- Insurance carriers about incident details: In case of an incident, an investigation will be conducted by the Business Continuity Team notating details of the incident scene via video recording and digital photography. Damage related costs will be recorded to include charges for purchases and repair work. Protection of undamaged facility operations will be approached by the following procedures:
- Your named point(s) of contact are notified. iMedhealthrepresentatives will notify your primary point(s) of contact within 1 hour of any interruption in service and with updates every 4 hours afterwards with each update containing our best estimate for when service will resume. This protocol is documented in QSD051 - Disaster Management Process.
Staff contingency plan: For production support related activities involving PHI and which need to be performed from a controlled environment, we will designate a secondary iMedhealthoffice in Pakistan as the physical location where such activities will occur, and either have trained staff located in the USA, or plan to have resources relocate to the secondary site as needed, in cases when this is physically possible.
In cases when relocation to another physical office of iMedhealthis not possible, such as disaster affecting more offices, disease epidemic, world pandemic, disaster affective the world, iMedhealthis going to follow the QSD051 - Disaster Management Process and communicate the possible business continuation plan.
For development and QA activities related to new feature development or client implementations, the iMedhealthemployees would have the option to work from their home offices. We will have them VPN into the iMedhealthsecure network and we will provide all needed tools both software and hardware so work will continue in the iMedhealthenvironment.
In cases where team members were using VPN to connect directly to a client's secured environment they will continue to do so, instead from their home offices rather than the iMedhealthoffice.
All employees will review disaster preparation and emergency action plan procedures with their Managers. New employees will be introduced to our emergency action plans via employee orientation. Mock disaster training will be conducted annually. Quarterly training will approach a walk through to functional drills to an evacuation drill leading to full-scale mock disaster training.
The following Business Contingency Plan and all related procedures are approved by iMedhealth President effective the date signed below.