Scope and Purpose

This section provides a high-level overview of the systems and controls employed by Family First, Inc., focusing on security, confidentiality, compliance, and operational integrity within the scope of systems supporting the Family First Expert Caregiving Platform and related corporate infrastructure.

Principal Service Commitments

Encryption: Protects customer data during transmission over untrusted networks. Data is encrypted in transit using TLS 1.2 or higher and encrypted at rest using industry-standard encryption protocols.

Confidentiality Measures: Implements administrative, technical, and physical safeguards designed to protect customer data, including PHI, in alignment with applicable regulatory requirements.

Availability and Incident Response: Implements backup, redundancy, and disaster recovery capabilities, and maintains a documented incident response plan defining detection, escalation, containment, remediation, and notification procedures.

System Components

People: The IT environment is supported by managed service providers for infrastructure operations and monitoring, while Family First retains responsibility and oversight for its information security program.

Data: A well-defined information classification scheme governs data handling, retention, and disposal. Data retention and disposal practices are aligned with contractual and regulatory requirements, and secure deletion procedures are followed when data is no longer required.

Control Environment

Management: The Board of Directors provides oversight of risk management and compliance activities and receives periodic updates regarding information security and operational risk matters.

Risk Assessment

The risk assessment process is aligned with recognized security frameworks and supports compliance with applicable regulatory requirements, including the HIPAA Security Rule where applicable.

Monitoring

Monitoring capabilities include centralized logging, endpoint protection, and security event alerting.

User Entity Controls

In addition, customers are responsible for managing user provisioning within their organization, safeguarding user credentials, and maintaining the security of endpoint devices used to access the platform.

Security Contact

To report a security or data protection concern regarding the Family First platform, please contact security@family-first.com.