Information Management System: Applicable standard or regulation 6.19, chapter 26
We use Therap, software designed specifically for those with intellectual disabilities. It allows customizable plans, data tracking, health tracking, and more. This system allows all data to be updated in real time, so all individuals on the team have access right away.
This system allows us to track incident reports, appointment records, all updates to client files and activity of any and all agents who access the system.
All client files are similar in format and placement of information, with all services related to rules and regulations and with customized notes and goals for each client. We encourage all providers and clients to customize to meet their needs; this may result in simple or complex plans.
Backup (from Therap) includes physical controls, logical controls, and procedural controls to secure and back up information.
Therap Security Primer
At Therap Services, emphasis is placed upon the confidentiality, integrity and availability of the
services and associated data provided to customers. The network and computing infrastructure
that has been designed and developed to deliver these services is assessed on an ongoing
basis to ensure compliance with the stated goals. This is accomplished by a combination of
physical, logical and procedural controls.
An important contributor to the controls and practices developed at Therap is the "Twenty
Critical Security Controls for Effective Cyber Defense" document that has been developed by
the SANS organization (www.sans.org). The document was created and is actively maintained
by a combination of federal, military and civilian cyber security experts, and is gaining
acceptance as a de-facto standard for Secure IT infrastructures.
Physical Controls
Site Access: Controlled/monitored physical access to site, and installed equipment
System Backups: Local disk and tape backups, offsite encrypted tape backups
Inter-site Redundancy: Two sites with matching infrastructure, either of which can
function as the 'live' site
Redundancy, Environmental: Dual power feeds, supported by UPS and generator
Redundancy, Infrastructure: RAID disk layouts, highly-available storage facilities,
multiple application servers
Logical Controls
Firewalls: Controlled access to Therap infrastructure, and between security zones
Anti-Malware: Examination of uploaded files prior to acceptance into system
Load Balancers: Transparent control of user sessions across redundant servers
Database Replication: Near real-time replication (30 seconds or less) between sites
Centralized Logging and Event Monitoring: 24x7x365 active monitoring and assessment
of infrastructure- and application-level events by Therap Staff
Vulnerability Assessments: Annual 3rd-party assessments, ongoing assessments
Vulnerability Assessments, self-performed: On-demand and scheduled assessments
performed by Therap staff via locally installed vulnerability assessment software suite
Procedural Controls
Application User IDs: Controlled within the application by agency administrators. User ID
policies, including role-based controls, are set by the customer administrator.
Operations User IDs: Controlled via approval, Chief of System Operations
Role-based Access Control: Access level(s) granted on role-based scope
Change Management: Defined set of procedures executing changes to the environment
Patch Management: Process for the installation of software and firmware updates
Disaster Recovery: Review and (if necessary) address defined failure scenarios
Log Analysis/Review: Device logs are forwarded to a central server for analysis
Performance Review: Performance metrics for the application and infrastructure are
compiled for subsequent analysis and proactive planning
© Copyright Therap Services, LLC. 2003 - 2016. All Rights Reserved.
U.S. Patents #8819785, #8739253, #8281370, #8528056, #8613054, #8615790