Evidence

AI Input Data Policy

Document describing AI input data policy covering training use, inference, retention, and customer data rights. (Control: Preventative; Capabilities: Universal)

AI Output Data Policy

Policy document covering AI output ownership, usage rights, opt-out, and deletion policies communicated to customers. (Control: Preventative; Capabilities: Universal)

AI Agent Data Collection Scope Config

Configuration or code scoping AI agent data collection to task-relevant information based on user roles and context. (Control: Preventative; Capabilities: Universal)

IP and Trade Secret Protection Guidance

Guidance document for users on IP and trade secret protection, plus vendor contracts confirming model provider IP protections. (Control: Preventative; Capabilities: Universal)

Customer Data Isolation Configuration

Configuration showing customer data isolation controls preventing cross-customer data exposure when combining customer data. (Control: Preventative; Capabilities: Automation)

PII Detection and Filtering Configuration

Configuration showing PII detection and filtering controls preventing personal data from leaking through AI outputs and logs. (Control: Preventative; Capabilities: Universal)

IP Infringement Prevention — Vendor Contracts

Vendor contracts confirming model provider IP protections preventing AI outputs from violating copyrights, trademarks, or other third-party IP rights. (Control: Preventative; Capabilities: Universal)

Third-Party Adversarial Testing Report

Third-party report of adversarial testing (jailbreaks, prompt injection) with methodology, findings, and remediation tracking. (Control: Preventative; Capabilities: Universal)

Adversarial Input Detection Configuration

Configuration showing adversarial input detection and alerting, plus logs or records of adversarial input incidents and responses with quarterly update cadence. (Control: Preventative; Capabilities: Universal)

Technical Disclosure Policy

Policy or guidelines for technical disclosure decisions preventing over-disclosure of details that could help attackers target the system. (Control: Preventative; Capabilities: Universal)

AI Endpoint Rate Limiting Configuration

Configuration showing rate limiting and query quotas on AI endpoints preventing probing or scraping, plus external penetration testing report covering AI endpoints. (Control: Preventative; Capabilities: Automation)

Real-Time Input Filtering Configuration

Configuration showing real-time input filtering using automated moderation tools for prompt injection and jailbreak protection. (Control: Preventative; Capabilities: Text-generation; Voice-generation; Image-generation)

AI Agent System Access Restriction Config

Configuration showing AI agent system access limited based on declared objectives and context, with monitoring and alerting for AI agent actions. (Control: Preventative; Capabilities: Universal)

AI System User Access Controls

Configuration showing user access controls and admin privileges for AI systems, plus quarterly access review records. (Control: Preventative; Capabilities: Universal)

AI Model Deployment Environment Security

Configuration showing model access controls, API deployment security measures, and model hosting security for AI deployment environments. (Control: Preventative; Capabilities: Universal)

Output Volume Limit Configuration

Configuration showing output volume limits and obfuscation techniques reducing information leakage and preventing adversarial use of model outputs. (Control: Detective; Capabilities: Universal)

AI Risk Taxonomy Document

Document defining risk taxonomy categorizing harmful, out-of-scope, and hallucinated outputs and tool calls with application-specific severity ratings, plus quarterly review records. (Control: Preventative; Capabilities: Universal)

Pre-Deployment Testing Records

Records of pre-deployment testing results and approval sign-offs covering harmful outputs, hallucinations, and out-of-scope outputs across risk categories. (Control: Preventative; Capabilities: Universal)

Harmful Output Filtering Configuration

Configuration showing harmful output filtering controls preventing distressed responses, high-risk advice, offensive content, bias, and deception. (Control: Preventative; Capabilities: Universal)

Out-of-Scope Output Guardrail Configuration

Configuration showing out-of-scope output guardrails, plus logs showing out-of-scope output attempt detection. (Control: Preventative; Capabilities: Universal)

Customer-Defined Risk Detection Configuration

Configuration showing customer-defined risk detection and response aligned to the organization's risk taxonomy. (Control: Preventative; Capabilities: Universal)

Output Sanitization and Warning Configuration

Configuration showing output sanitization controls, plus screenshots showing warning labels for untrusted or unsafe content. (Control: Preventative; Capabilities: Universal)

High-Risk Output Flagging Configuration

Document defining criteria for high-risk output flagging plus configuration showing detection and flagging implementation. (Control: Preventative; Capabilities: Universal)

AI Risk Category Monitoring Logs

Logs showing AI system monitoring across defined risk categories on an ongoing basis. (Control: Preventative; Capabilities: Universal)

Real-Time User Intervention Mechanism

Demonstration of real-time user feedback and intervention mechanisms emphasizing user control and transparency. (Control: Preventative; Capabilities: Universal)

Third-Party Harmful Output Testing Report

Third-party evaluation report covering harmful output testing with risk taxonomy, methodology, findings, and remediation tracking. Conducted at least every 3 months. (Control: Preventative; Capabilities: Universal)

Third-Party Out-of-Scope Output Testing Report

Third-party evaluation report covering out-of-scope output testing with methodology, findings, and remediation tracking. Conducted at least every 3 months. (Control: Preventative; Capabilities: Universal)

Third-Party Customer-Defined Risk Testing Report

Third-party evaluation report covering customer-defined high-risk outputs with methodology, findings, and remediation tracking. Conducted at least every 3 months. (Control: Preventative; Capabilities: Universal)

Hallucination Prevention Configuration

Configuration showing groundedness validation (fact-checking API, source-doc comparison), plus UI screenshots showing citations and source attributions provided to users. (Control: Preventative; Capabilities: Universal)

Third-Party Hallucination Testing Report

Third-party evaluation report showing hallucination testing with risk taxonomy, methodology, findings, and remediation tracking. Conducted at least every 3 months. (Control: Preventative; Capabilities: Universal)

Tool Call Restriction Configuration

Configuration showing function allowlists, parameter validation, and authorization checks before tool execution, plus rate limits and transaction caps on tool usage, plus logging of tool calls with timestamps and parameters. (Control: Preventative; Capabilities: Universal)

Third-Party Tool Call Testing Report

Third-party evaluation report showing tool call testing including attempts to execute unauthorized actions or access restricted data. Conducted at least every 3 months. (Control: Preventative; Capabilities: Universal)

AI Failure Plan — Security Breaches

Standalone document or integrated incident response procedures covering breach response lead, notification procedures, remediation, and evidence collection for AI privacy and security breaches. (Control: Preventative; Capabilities: Universal)

AI Failure Plan — Harmful Outputs

Standalone document or integrated incident response procedures covering customer communication, immediate mitigation, and staff responsibilities for harmful AI outputs causing significant customer harm. (Control: Preventative; Capabilities: Universal)

AI Failure Plan — Hallucinations

Standalone document or integrated incident response procedures covering compensation assessment, remediation, and notification for hallucinated outputs causing substantial customer financial loss. (Control: Preventative; Capabilities: Universal)

AI System Change Accountability Policy

Policy defining which AI system changes require formal review or approval with assigned leads, plus approval records with supporting evidence. (Control: Preventative; Capabilities: Universal)

Cloud vs On-Prem Processing Decision Record

Risk assessment and decision record evaluating cloud vs. on-premises factors with documented criteria and rationale for AI processing location decisions. (Control: Preventative; Capabilities: Universal)

AI Vendor Due Diligence Records

Vendor assessment records showing evaluation criteria, scoring, verification activities, and approval decisions for foundation and upstream AI model providers covering data handling, PII controls, security, and compliance. (Control: Preventative; Capabilities: Universal)

Quarterly Internal AI Process Review Records

Centralized repository or tickets showing quarterly internal reviews of key AI processes, including review notes, decision logs, and risk register updates. (Control: Preventative; Capabilities: Universal)

Third-Party AI Access Monitoring Logs

Screenshot of logging system or SIEM showing third-party interactions with AI systems being monitored with captured metadata. (Control: Preventative; Capabilities: Universal)

AI Acceptable Use Policy

Policy document defining acceptable and prohibited AI usage, plus configuration or monitoring system detecting AUP violations, plus screenshots of user-facing alerts when AUP is violated. (Control: Preventative; Capabilities: Universal)

AI Processing Location Documentation

Subprocessor list or infrastructure documentation listing cloud regions, inference endpoints, and third-party AI provider locations. (Control: Preventative; Capabilities: Universal)

AI Regulatory Compliance Register

Compliance register or assessment memo listing applicable AI regulations with compliance strategies and review dates. (Control: Preventative; Capabilities: Universal)

AI Quality Management System Documentation

Documentation showing quality objectives, metrics, risk management approach, and change management processes for AI systems, plus issue tracking records. (Control: Preventative; Capabilities: Universal)

AI Activity Logging Configuration

Screenshot of logging code or configuration showing captured AI system activity (inputs, outputs, metadata) with log storage system showing retention policies and access controls. (Control: Preventative; Capabilities: Universal)

AI Disclosure Mechanism Screenshots

Screenshots of text-based AI disclosure (chatbot notice, AI identifier banner), voice AI disclosure transcript, and AI generation labeling — demonstrating users are informed when interacting with AI rather than humans. (Control: Preventative; Capabilities: Universal)

System Transparency Policy and Model Cards

Policy document defining transparency documentation requirements plus transparency artifacts (model card, datasheet, interpretability report, AI Bill of Materials) for major systems. (Control: Preventative; Capabilities: Universal)

AI Cyber Misuse Guardrail Documentation

Configuration or documentation of technical and operational guardrails preventing AI-enabled misuse for cyberattacks and exploitation. (Control: Preventative; Capabilities: Universal)

Catastrophic Misuse Guardrail Documentation

Configuration or documentation of guardrails preventing AI-enabled catastrophic misuse in CBRN (chemical, biological, radiological, nuclear) domains. (Control: Preventative; Capabilities: Universal)

Security Management Process Documentation

Security management process scoped to actual risk surface: developer endpoint security, SaaS platform access, credential management, and code security practices. Evidence: dated security program review, incident log, and management-level reporting on security posture.

Risk Register — ePHI Scoped

Risk analysis addressing actual ePHI exposure: developer endpoints that may encounter PHI during client engagements, SaaS tools that may receive PHI, and developer access paths to client environments. Updated when new engagements, tools, or team changes occur.

Risk Treatment Plan

Risk treatment plan addressing developer endpoint controls (MDM, encryption, screen lock), credential management practices, code security practices, and subcontractor PHI access controls. MDM enrollment reports and SAST scan results as evidence of treatment in practice.

Sanction Policy with Acknowledgment Records

Sanction policy defining development-specific violation scenarios and disciplinary consequences. Disciplinary action log and signed acknowledgment records from all developers confirming they understand PHI-related behavioral requirements.

Audit Log Review Records — Developer Systems

IdP login activity review records for developer accounts. SaaS platform audit log reviews (GitHub, Jira, Slack) showing periodic review for unauthorized access or PHI appearing where it should not. Anomaly detection records showing off-hours or unusual access was investigated.

Security and Privacy Officer Designation

Formal designation of named Security Officer and Privacy Officer with documented authority and appointment date. Evidence of officer activity: risk analysis review, access approval decisions, incident response ownership. Officer contact information included in all BAAs.

Developer Access Matrix

Developer access matrix documenting which personnel have access to which client environments, at what permission level, and for what purpose. Updated as engagements start, change, and close. Background check policy for developers assigned to healthcare clients.

Client Environment Access Authorization Records

Per-engagement access authorization records confirming developer access was pre-approved by a Phase2 lead and client contact with defined scope and duration. Supervised access records for privileged operations involving PHI data.

Engagement Assignment and Clearance Records

Engagement assignment procedure documenting clearance criteria for healthcare client projects. Developer training completion records showing HIPAA awareness, secure development, and PHI handling training completed before client environment access granted.

Engagement Offboarding Checklist

System-by-system offboarding checklist executed at engagement close, confirming developer access revoked from all client systems: code repositories, cloud environments, CI/CD pipelines, and communication channels. Client credential rotation confirmation.

Minimum Necessary Access Records

Engagement access policy defining minimum necessary access principle. Access provisioning records showing what was requested, approved, and provisioned per engagement. Periodic access scope reviews during long-running engagements.

Healthcare Clearinghouse N/A Determination

Documented N/A determination in BA Applicability Analysis confirming Phase2 does not perform healthcare clearinghouse functions. Privacy Officer sign-off. Reviewed annually to confirm determination remains accurate.

Access Authorization Log

Access authorization log with entries for every client environment access grant, showing request, approval, scope, and duration. Need-to-know gate documentation confirming access to healthcare client projects requires explicit assignment.

Access Modification Records

Access modification records for engagement scope changes showing formal request, approval, and provisioning records when developer roles expand. Access reduction records when project phases close.

HIPAA Training Completion Records

Training completion roster showing all developers have completed: HIPAA BA awareness training, PHI identification and handling training, and developer-specific PHI handling procedures. Healthcare-client-specific training records per engagement. Annual refresher records.

Security Reminder Records

Periodic security reminders to developers covering PHI-relevant scenarios: phishing targeting developer credentials for healthcare client systems, credential hygiene, and new HIPAA developments. Security bulletins issued when relevant threats emerge.

EDR and Endpoint Security Deployment Report

EDR and antivirus deployment on all developer endpoints with MDM compliance reports showing 100% coverage. SAST and dependency vulnerability scanning configured in CI/CD pipelines for healthcare client projects with scan results and remediation records.

IdP Login Monitoring and Alert Records

IdP login monitoring configuration showing alerts for failed login attempts, impossible travel, off-hours access, and new device events. Alert investigation records with documented disposition. Review of developer access logs in client environments during active engagements.

Password Manager Deployment Evidence

Enterprise password manager deployment evidence confirming all developers use an approved password manager for client credentials. MFA enforcement configuration showing MFA is mandatory for all accounts with zero standing exceptions. Credential rotation records at engagement close.

Incident Response Plan

Incident response plan scoped to development-engagement risk scenarios: developer account compromise, inadvertent PHI access, client credential exposure, and malware on a developer endpoint with active client sessions. Named IR roles with out-of-hours contacts and CE notification escalation path.

Security Incident Log

Security incident log with engagement-specific fields: incident type, affected developer, client systems potentially accessed, PHI exposure determination, CE notification required, and resolution date. Post-incident review records for healthcare client incidents. Near-miss log.

Business Continuity Plan — Phase2 Operational

Contingency plan covering Phase2 operational continuity: developer tooling, code repositories, internal communication systems. Phase2 does not own client PHI systems — DR for those systems belongs to the client. Per-engagement continuity documentation for active support contracts.

Code Repository Backup Confirmation

Backup confirmation for Phase2-owned systems: GitHub repository mirroring, Google Drive retention configuration, password manager backup/recovery. Client handoff documentation confirming deliverables were transferred to client at engagement close.

Phase2 Operational DR Plan

Phase2 operational disaster recovery plan covering code repository recovery and developer tooling recovery. For managed-support clients: evidence that Phase2 tested ability to continue support during a simulated internal outage.

Emergency Mode Operations Procedure

Emergency mode procedure for Phase2 support obligations — escalation contacts, offline access to client runbooks, backup communication channels. Client runbooks that the CE can execute independently if Phase2 is temporarily unreachable.

Annual Tabletop Exercise Records

Annual tabletop exercise testing developer account compromise and PHI encounter scenarios. Dated records with participants, findings, and process improvements implemented. BCP and IRP revision log showing plans are updated after exercises.

Client Criticality Classification

Criticality classification for active client engagements ranking by PHI sensitivity, ongoing support obligations, and operational impact. Documented prioritization decisions showing the analysis informs actual operational prioritization during disruptions.

Annual Security Evaluation Records

Annual security evaluation including: developer endpoint compliance review, access roster audit, BAA inventory review, and SAST scan results review. Evaluation results reported to leadership with documented remediation priority decisions.

Subcontractor BA Assessment Records

Subcontractor and tool inventory per engagement listing every third party involved in delivery with PHI exposure assessment. Sub-BAA executed before subcontractor access. Annual subcontractor re-assessment confirming SOC 2 or questionnaire verification.

Remote Work Physical Security Policy

Phase2 has no physical offices or facilities — ever. Physical safeguard obligations are limited to developer endpoint security. Evidence: remote work security policy requiring private workspace, screen lock via MDM, and prohibition on accessing client systems from public or non-enrolled devices. MDM screen lock enforcement report.

Emergency Access Documentation

Emergency access documentation for Phase2 operational tools: offline access to client runbooks, emergency contact list accessible without internet, and procedure for continuing client support during a Phase2 systems outage. N/A for data center contingency — documented in BA Applicability Analysis.

Facility Access N/A Determination

N/A determination documented in BA Applicability Analysis: Phase2 is and will always remain fully remote with no physical facilities containing PHI or PHI-bearing systems. Remote work security policy and MDM enforcement serve as the functional equivalent. Privacy Officer sign-off.

Physical Access Validation N/A Determination

N/A determination documented in BA Applicability Analysis: no physical facility with PHI access. Logical access controls (SA13, ST01, ST09) are the functional equivalent. Privacy Officer sign-off.

Maintenance Records N/A Determination

N/A determination documented in BA Applicability Analysis: Phase2 does not operate physical infrastructure containing PHI. Developer device maintenance records (repairs with data handling documentation) serve as the functional equivalent.

Workstation Use Policy and MDM Compliance Report

Remote workstation use policy requiring private workspace when accessing client systems, screen privacy in shared public spaces, and prohibition on accessing healthcare client environments from non-MDM-enrolled or personal devices not meeting minimum security configuration requirements. MDM compliance report confirming enforcement.

Full-Disk Encryption and Remote Wipe Evidence

MDM compliance reports showing 100% of developer endpoints have full-disk encryption enabled and enforced (FileVault for Mac, BitLocker for Windows). Remote wipe capability confirmation with at least one documented wipe event (real or tested). Lost/stolen device procedure.

Developer Device Inventory

MDM-generated device inventory listing all managed endpoints, assigned developers, enrollment dates, and compliance status. USB and removable media policy prohibiting storage of client data on removable media. Device retirement and disposal records confirming full-disk wipe before disposal.

Device Disposal Records

Device disposal records confirming full-disk wipe (NIST SP 800-88 minimum) before any device is recycled, resold, or destroyed. MDM remote wipe completion records. For cloud-only operations: documentation that no PHI was stored locally on Phase2 devices.

Device Re-use Records

Device re-imaging procedure for equipment reassigned between developers — confirming outgoing developer data was fully wiped before reassignment. MDM de-enrollment and re-enrollment records ensuring audit logs remain attributable to the correct individual.

Device Accountability Register

Developer device accountability register showing serial numbers, models, assigned developers, assignment dates, and status. Chain of custody records for device transfers. Annual device inventory reconciliation.

Pre-Migration Backup Evidence

Code repository and project data backup confirmation showing client project repositories are not single-copy. Pre-migration backup evidence for any data migration work. Client handoff confirmation at engagement close.

Access Control Implementation Evidence

Unique developer accounts for all Phase2 systems with no shared accounts — IdP roster showing individual accounts with MFA enforced. For client deliverables: architecture documentation showing RBAC design for ePHI-bearing systems delivered to client at project close.

Unique User ID Provisioning Records

IdP user provisioning records showing each developer has a unique, non-transferable account. Service account inventory showing each CI/CD service account is owned by a named developer. Post-engagement access audit confirming individual deprovisioning.

Emergency Access Procedure

Break-glass procedure for Phase2 own systems with offline emergency contact list. For client deliverables: architecture documentation showing emergency access design delivered to client with pre-launch test record.

Session Timeout Configuration

IdP session timeout configuration showing developer accounts are subject to inactivity logout. For client deliverables: application session timeout configuration documented and delivered to client with QA test record.

Encryption Configuration Evidence

Full-disk encryption on all developer endpoints (FileVault/BitLocker) confirmed via MDM. For client deliverables: architecture documentation showing AES-256 at rest and TLS 1.2+ in transit for all ePHI in the delivered system, with pre-launch security review confirmation.

Audit Log Configuration

Audit log configuration for Phase2 developer tools recording authentication events and repository access. For client deliverables: architecture documentation showing audit logging implemented in the delivered system with pre-launch test record confirming all required events are captured.

Data Integrity Controls

Code integrity controls — signed commits, protected branches requiring PR review, immutable release artifacts. For client deliverables: architecture documentation showing database constraints, validation, and change detection in delivered system.

ePHI Authentication Mechanisms

For client deliverables: architecture documentation showing cryptographic integrity mechanisms for ePHI — immutable audit logs, row-level checksums, or digital signatures. Pre-launch integrity mechanism test record. For Phase2 internal: immutable audit logging for code deployment pipeline.

MFA Enforcement Report

IdP configuration showing MFA is mandatory for all developer accounts with zero standing exceptions — primary evidence for person or entity authentication. For client deliverables: authentication design documentation delivered to client with pre-launch MFA test records.

TLS Enforcement Evidence

TLS enforcement on all Phase2 developer tooling and communication channels. VPN policy for developer access from non-trusted networks. For client deliverables: TLS configuration documentation with pre-launch SSL scan report (Qualys SSL Labs A or A+).

Transmission Integrity Controls

For client deliverables: architecture documentation showing HTTPS with HSTS, certificate pinning for mobile apps, and HMAC for API calls transmitting ePHI. Pre-launch TLS and integrity testing records. For Phase2 internal: signed release artifacts and TLS-enforced delivery pipeline.

End-to-End Encryption Design Documentation

For client deliverables: security architecture document covering external encryption (HTTPS/TLS), internal service-to-service encryption (mTLS), and key management architecture delivered to client. Pre-launch encryption validation via security review or penetration test.

PHI Data Handling Policy

Data handling policy for developer engagements specifying: developers may not copy, retain, or transmit PHI encountered in client environments; any PHI encountered must be immediately reported; no PHI may be used in development or testing without explicit written client authorization.

BAA Inventory and Template

Complete, current BAA inventory with one row per client engagement where developer access to client environments is possible, including BAA execution date and permitted uses. Standard BAA template explicitly reflecting Phase2 role as a software development BA. Pre-engagement BAA confirmation process.

BAA Completeness Review Records

BAA completeness checklist confirming each agreement contains: permitted uses, subcontractor flow-down obligations, breach notification SLA, engagement termination clause, and OCR cooperation clause. Annual BAA review log. Termination clause enforcement evidence for completed engagements.

Minimum Necessary Access Documentation

Developer access scoping documentation per engagement specifying exact systems and data needed, with evidence access was limited to that scope. Engagement access request process with Privacy Officer or client approval for broader access. Post-engagement access review confirming no developer retained access beyond what was necessary.

Individual Restriction Requests N/A Determination

N/A determination: this obligation runs between the CE and the individual. Phase2 has no direct relationships with individuals whose PHI is in client systems. BAA language confirms Phase2 will support the CE in fulfilling restriction requests requiring system changes. Documented in BA Applicability Analysis with Privacy Officer sign-off.

Individual Access Rights N/A Determination

N/A determination: Phase2 does not maintain a designated record set and does not receive individual access requests directly. BAA language commits Phase2 to building systems technically supporting CE access obligations (ePHI export, audit trail, amendment workflows). Documented in BA Applicability Analysis.

PHI Amendment Rights N/A Determination

N/A determination: Phase2 does not maintain PHI in a designated record set. Amendment obligations run between the CE and the individual. Delivered systems technically support CE amendment workflow where Phase2 builds or maintains a PHI-bearing system. Documented in BA Applicability Analysis.

Privacy Officer Designation Record

Formal Privacy Officer designation with named individual, appointment date, and documented scope of authority. Evidence of officer engagement: BAA inventory review, BA Applicability Analysis sign-off, developer incident escalation ownership, periodic policy review. Privacy Officer contact in all BAAs.

Privacy Complaint Intake Log

Privacy complaint intake process with defined channel, named intake owner (Privacy Officer), and documented triage and response workflow. Complaints log (even if empty — its existence demonstrates an operational process). Contractual commitment in BAAs to respond within defined window.

Breach Notification Policy

Scoped breach notification policy acknowledging Phase2 does not host or maintain PHI systems but documenting the scenario where obligations attach: a developer inadvertently accessing, exposing, or exfiltrating PHI from a client environment. Developer incident escalation procedure. No-PHI-encountered log per engagement.

BA-Scoped Breach Definition Guide

One-page breach definition guide for developers explaining: what constitutes PHI, what constitutes access, and the four-factor risk-of-harm test. Developer training record confirming training on PHI identification and breach escalation trigger. Encryption safe harbor documentation for developer endpoints.

BAA CE Notification Commitment

BAA clause committing Phase2 to notifying the CE within a defined internal window (e.g., 5 business days of discovery). Template incident notification to the CE with required data fields. Evidence of CE notification process executed within the committed window from tabletop exercise or real event.

Media Notification N/A Determination

N/A determination with Privacy Officer sign-off: Phase2 does not host PHI systems and does not have the volume of PHI access that would trigger a 500-individual media notification threshold. BAA language confirms Phase2 will provide CE with all data necessary to support any media notification the CE determines is required.

HHS Notification Support Commitment

BAA clause confirming Phase2 will provide the CE with a complete incident data package within an agreed window for HHS portal reporting purposes. Breach data collection template capturing all HHS-required fields. Privacy Officer designation with CE notification coordination responsibility.

BA Breach Notification SOP

BA-specific breach notification SOP defining: internal discovery-to-Privacy-Officer escalation window (e.g., same business day), Privacy Officer-to-CE notification window (e.g., 5 business days), and documentation requirements at each step. Engagement offboarding checklist confirming access was revoked. Contractual notification SLA in each BAA.

Law Enforcement Delay Policy Provision

Policy provision acknowledging the law enforcement delay option (written up to 90 days, oral up to 30 days). Privacy Officer authority documentation to evaluate and act on such requests. Documented acknowledgment that this provision is supported but unlikely to trigger given Phase2 narrow PHI exposure profile.

AIMS Scope Document

Documented scope statement for the AI management system identifying the boundaries, AI systems covered, any exclusions with justification, and organizational context factors that informed scoping.

Interested Party Register

Register of interested parties relevant to the organization's AI systems — including customers, regulators, employees, and affected populations — with documented requirements that inform the AIMS.

AI Governance Charter and Leadership Designation

Documented AI governance charter signed by top management establishing the AIMS, naming the accountable AI governance owner, and evidencing leadership commitment to AI risk management objectives.

AI Policy with Version History

Leadership-approved AI policy with version history, communication evidence, and personnel acknowledgment records. Dated, version-controlled, and accessible to all relevant personnel.

AI Roles and Responsibilities Matrix

RACI or equivalent documentation assigning AI governance responsibilities to named individuals — AI governance lead, AI system owners, data stewards — with evidence of communication.

AI Risk Register

AI-specific risk register documenting identified AI risks (bias, hallucination, adversarial vulnerability, harmful outputs), likelihood/impact ratings, treatment decisions, and named owners. Integrated with the organizational risk register.

AI Objectives and Measurement Plan

Documented AI objectives with measurable targets, responsible owners, timelines, and defined methods for evaluating achievement. Evidence of management review against objectives.

AI Competence Records

Records of AI-relevant training, certifications, or qualifications for personnel with AI governance, development, or oversight responsibilities.

AI Awareness Communication Records

Evidence that personnel are aware of the AI policy, their AI-related responsibilities, and consequences of non-conformance. May include communications, training records, or AI policy acknowledgment logs.

AIMS Document Register

Index of documented information maintained for the AIMS with version history, review dates, and approval records demonstrating controlled management of AIMS documentation.

AI Risk Assessment Records

Completed AI risk assessments for each in-scope AI system, documenting methodology, identified risks, likelihood/impact ratings, and treatment decisions. Must show periodic reassessment and change-triggered reviews.

AI Risk Treatment Plan

Documented risk treatment plans mapping identified AI risks to selected treatment options (mitigate, accept, transfer, avoid) with assigned owners, implementation evidence, and tracking to closure.

AI Impact Assessment Records

Structured impact assessments for each AI system before deployment and upon significant change. Documents affected populations, harm scenarios, likelihood ratings, and mitigation controls.

AI Performance Monitoring Reports

Periodic reports of AI system performance against defined metrics including safety threshold adherence, accuracy trends, and drift indicators, with evidence of how findings are acted upon.

Internal Audit Records

Records of AIMS internal audits including scope, criteria, findings, nonconformities, and corrective actions raised. Must include evidence of auditor independence from the area audited.

AI Management Review Records

Records of annual leadership AIMS reviews covering AI risk posture, system performance, incident trends, audit findings, control effectiveness, and program improvement decisions.

Corrective Action Records

Log of AIMS nonconformities with root cause analysis, corrective actions, and effectiveness verification. Demonstrates continual improvement in response to identified issues.

AI Policy with Acknowledgments

Current leadership-approved AI policy with version history, communication evidence, and personnel acknowledgment records. Accessible to all relevant personnel on request.

AI Roles and Responsibilities Documentation

Current documentation of AI-specific roles with named individuals, role descriptions, and evidence of assignment. Updated when roles change.

AI System Context Documentation

Per-system context documentation covering intended purpose, operational environment, affected stakeholders, regulatory requirements, and defined use boundaries.

AI Impact Assessment Reports

Completed structured impact assessments for all in-scope AI systems before deployment and when significant changes occur. Documents harm scenarios, affected populations, mitigations, and sign-off.

AI System Inventory with Intended Purpose

Current AI system inventory documenting intended purpose of each system, confirming systems are used within documented scope, and providing the basis for risk classification.

AI Model Validation Records

Pre-deployment model validation records showing performance against defined acceptance criteria across accuracy, safety, bias, and robustness dimensions, with test methodology, populations, results, and sign-off.

AI Model Documentation (Model Cards)

Model cards for each deployed AI system covering intended purpose, training data summary, performance characteristics, known limitations, bias evaluation outcomes, and deployment constraints.

AI Deployment Approval Records

Records of AI system deployment approvals including final validation sign-off, deployment review checklist, stakeholder notifications, and post-deployment monitoring activation confirmation.

AI Monitoring Reports and Alert Records

Ongoing AI system monitoring reports showing performance metrics, safety threshold adherence, drift indicators, and anomalous output records, with alert disposition records demonstrating timely review.

AI System Decommission Records

Records of AI system decommissions including approval, model deletion/archiving confirmation, data disposal records, stakeholder notifications, and inventory removal with effective date.

AI Data Governance Policy and Procedures

Documented AI data governance policy covering acquisition authorization, classification, quality standards, retention, and lifecycle management. Evidence of implementation and personnel awareness.

Data Acquisition Authorization Records

Records confirming data used in AI systems was acquired under documented authorization, including legal basis, consent documentation, and fitness-for-purpose assessment.

Data Quality Assessment Records

Documented data quality assessments before data is used in AI systems, covering completeness, accuracy, consistency, timeliness, and representativeness. Includes any remediation actions taken.

AI Data Provenance Documentation

Data lineage and provenance records for AI systems documenting source, collection methods, transformations applied, and chain of custody sufficient to support audit and investigation.

AI System Transparency Information

Transparency documentation for each AI system describing purpose, capabilities, limitations, and responsible use guidance. Updated when system characteristics change materially.

External AI Disclosure Records

Evidence of external disclosure obligations met — AI involvement notices, public-facing disclosures, and records of what was disclosed, to whom, and when.

AI System Internal Logging Evidence

Evidence of internal logging for AI system inputs, outputs, and significant decisions. Includes logging configuration records and log review records demonstrating behavior is captured and reviewed.

AI Acceptable Use Policy and Acknowledgments

Current AI acceptable use policy with personnel acknowledgment records. Defines permitted and prohibited AI uses, addresses high-risk use contexts, and is re-acknowledged when materially updated.

Human Oversight Implementation Evidence

Evidence that human oversight mechanisms are implemented: documented override capability, human review workflows for high-risk decisions, and evidence oversight requirements are communicated to personnel.

Responsible Use Guidance Records

Records of responsible AI use guidance provided to personnel, including training completion records, communications about AI limitations, and escalation path documentation.

AI Responsibility Allocation Documentation

Contracts or shared responsibility documentation for each AI provider formally allocating AI risk management responsibilities. Reviewed at each vendor review cycle.

AI Supply Chain Assessment Records

Records of assessments of AI supply chain components including third-party model providers, training data suppliers, and AI infrastructure vendors, with identified risks and mitigations.

Third-Party AI System Assessment Records

Pre-onboarding and annual assessment records for third-party AI systems covering model risk, data handling, transparency disclosures, security posture, and alignment with the organization's AI governance requirements.

AI Incident Log and Post-Incident Reviews

Log of AI-specific incidents with classification, investigation records, containment/remediation actions, and post-incident review findings demonstrating AI incident procedures were followed.

AI Incident Response Plan (AI-Specific)

Documented AI-specific incident response procedures covering AI failure modes with defined severity classifications, response steps, escalation paths, and annual test records.

AI Bias and Fairness Evaluation Reports

Documented bias and fairness evaluations during model validation, identifying performance disparities across demographic groups, evaluation methodology, and mitigations implemented.

Third-Party AI Testing Reports

Independent third-party assessment reports for high-risk AI systems covering adversarial robustness, harmful output testing, out-of-scope behavior, and hallucination testing, with findings and remediation evidence.

AI System Audit Log Review Records

Records of periodic AI system audit log reviews demonstrating logs are actively reviewed, anomalies investigated, and findings documented and acted upon.

AI Drift Detection and Response Records

Evidence of AI model drift monitoring including drift detection alerts, investigation records, and response actions taken when drift thresholds are exceeded.

AI Management Review Meeting Minutes

Minutes from annual AI governance management reviews attended by top management, covering AI risk posture, incident trends, objective achievement, and improvement decisions with documented follow-up.

AI Harm Scenario Register

Register of identified harm scenarios for each AI system, updated when new use contexts are identified, incidents occur, or significant changes are made.

AI Data Quality Assessment Methodology

Documented methodology for assessing data quality before use in AI systems, including quality dimensions, assessment criteria, thresholds, and procedures for addressing identified deficiencies.

AI Provider Due Diligence Checklist

Standardized checklist for assessing third-party AI providers before onboarding and annually, covering model risk, data handling, transparency disclosures, security certifications, and AI governance maturity.

Code of Conduct and Acceptable Use

Documented code of conduct and acceptable use policy communicated to all personnel, with digital acknowledgment records captured at onboarding and at each material update.

Leadership Governance Document

Documented leadership structure and defined oversight responsibilities.

Org Chart and Role Descriptions

Current org chart and job descriptions with defined information security responsibilities.

Background Check and Onboarding Records

Background check policy and records for all personnel. Onboarding checklist from HR system confirming security steps completed at hire.

Control Ownership Matrix

Control ownership assignments with named individuals, documented in GRC tool or spreadsheet. Management sign-off attestations confirming accountability.

Management Reporting and Risk Register

Risk register and periodic management reports demonstrating quality information is used in decision-making. SaaS tool exports serve as system-generated evidence.

Security Awareness Training Records

Security awareness training completion records for all personnel. All-hands recordings or Slack communications demonstrating internal security communications cadence.

Public Privacy Policy and Terms of Service

Publicly posted privacy policy and terms of service. Security questionnaire responses to customers demonstrating external communication of security posture.

Risk Assessment Policy and System Description

Documented security objectives and system boundaries defining the in-scope environment. For a SaaS-native org this should reference specific platforms and their scope classification.

Risk Register

Annual risk register with identified threats, likelihood and impact ratings, and treatment decisions. For a remote SaaS-native org, risks should specifically address SaaS vendor risks, remote access risks, and endpoint compromise.

Fraud Risk Assessment

Risk register section addressing fraud scenarios — insider threat, credential theft, billing fraud. Segregation of duties documentation showing which functions are separated.

Change Risk Assessment Records

Records showing that changes to SaaS tooling, vendors, or team structure were assessed for control impact before implementation. Tracked via ticketing system or change log.

Control Review Records

Evidence of regular control monitoring — log review records, GRC tool compliance reports, security tool alert reviews. Ongoing monitoring via tools such as Vanta or Drata with evidence of regular cadence.

Remediation Tracking Log

Deficiency tracking log with assigned owners, target dates, and evidence of timely closure. Remediation tickets in project management system demonstrating findings are acted upon.

Risk-to-Control Mapping

Documentation showing controls are mapped to identified risks. For a remote SaaS-native org, controls should be weighted toward IAM, endpoint security, SaaS configuration management, and vendor oversight.

MFA and IdP Configuration Evidence

Screenshots or exports from the centralized IdP showing MFA is enforced for all users with no standing exceptions. SaaS configuration baselines documenting expected security settings per platform.

Policy Library with Acknowledgment Records

Complete policy library maintained in Google Drive or wiki with version history. Acknowledgment records showing policies were communicated and signed by all personnel.

IAM Policy and SSO Configuration

Access control policy and IdP configuration screenshots showing SSO and MFA enforced across all supported platforms. RBAC documentation showing role definitions and least-privilege assignments.

User Provisioning Records

Onboarding checklist showing access provisioning steps with manager approval records. Access request tickets demonstrating no user received access without documented approval.

Quarterly Access Review Records

Periodic access review records showing all platform access was recertified, with excess access revoked. Offboarding checklist records showing timely access revocation on termination.

Vendor SOC 2 Reports for Physical Controls

SOC 2 reports from critical infrastructure vendors confirming physical access controls are in place. Remote work security policy addressing home office and device security. No owned physical facilities exist.

MDM Device Wipe Records

MDM-generated device retirement records confirming full-disk wipe before disposal or reassignment. Data retention policy documenting SaaS data deletion procedures per vendor contract terms.

EDR Deployment Report

MDM enrollment report showing 100% endpoint coverage with EDR active. For a fully remote SaaS-native org, endpoint EDR and IdP-level controls are the primary security boundary — there is no network perimeter. Vendor SOC 2 reports confirm WAF and network controls are inherited from SaaS vendor.

Data Classification Policy

Data classification policy defining sensitivity tiers and handling requirements. Acceptable use policy addressing data transmission requirements. For a SaaS-native org, transmission controls rely on IdP-enforced access and TLS inherited from vendor platforms rather than a corporate DLP deployment.

MDM Enrollment and EDR Configuration

MDM enrollment report confirming all employee devices are enrolled and compliant. EDR deployment confirmation. MDM configuration screenshots showing software restriction policies enforced via device profile.

Vulnerability Scan and Patch Compliance Reports

Dependency scanning reports from CI/CD pipeline showing known vulnerabilities identified and remediated. MDM patch compliance report showing endpoint OS and application patch status. SaaS configuration review records showing platform security baselines reviewed. Traditional network vulnerability scanners are not applicable for a SaaS-native org.

Audit Log Review Records

IdP authentication log exports and SaaS platform audit log exports reviewed on a defined cadence. Log review records showing anomalies were investigated. A GRC or compliance tool aggregating alerts is acceptable.

Incident Severity Matrix and Triage Records

Incident classification criteria and severity matrix. Security incident log showing events were triaged, evaluated for impact, and escalated appropriately. Post-incident review records for any significant events.

Incident Response Plan and Tabletop Records

Documented incident response plan with named owners and escalation paths, tested annually via tabletop exercise. Tabletop exercise notes with findings and improvements implemented. Remote incident response relies on Slack, video calls, and ticketing.

Malicious Code Prevention Evidence

Endpoint EDR deployment report. Secret scanning tool report from GitHub. Dependency vulnerability scan report from Dependabot or Snyk. PR approval records confirming code review gate is enforced before merging. For a SaaS-native org, malicious code prevention is applied at the endpoint and code pipeline level rather than a network perimeter.

GitHub PR Approvals and CI/CD Configuration

GitHub branch protection configuration showing PRs require peer review and approval before merge. CI/CD pipeline configuration showing automated testing is enforced. Deployment logs showing production changes were approved. Environment separation evidence confirming dev, staging, and production are logically separated.

Risk Register with Mitigating Controls

Risk register documenting mitigating controls for each identified risk with named owners and treatment decisions. Cyber liability insurance certificate demonstrating financial risk transfer.

Vendor Inventory and SOC 2 Reports

Current vendor and SaaS platform inventory with data classification. Annual vendor risk review records. SOC 2 reports collected from critical vendors. DPAs executed with all data processors.

Management Assertion Letter

A signed letter from Phase2 management asserting that the system description is fairly presented and that controls were suitably designed and operated effectively during the audit period. Required for AT-C 320 engagements.

Formal System Description Document

A formal written description of Phase2's service system as required by AT-C 320.26. Describes the system boundaries, principal service commitments, system components (infrastructure, software, people, procedures, data), and the controls designed to meet the trust service criteria.