Security and Compliance
The platform follows guidelines established by international regulatory bodies for data security and privacy protection, and the software is designed to comply with current data protection law such as the GDPR and HIPAA. To prevent privacy breaches, users should follow the guidance and best practices for storing protected health information (PHI) indicated below; the platform's controls do not replace correct handling of PHI by its users.
Overview of Security and Compliance Practices
ISO/IEC 27001 (information security management), ISO/IEC 27701 (privacy information management), and ISO 13485 (medical device quality management)
Compliant with GDPR and HIPAA requirements
Transport Layer Security (TLS 1.2) protects web-based API traffic in transit
Data encrypted at rest using AES-256 (Advanced Encryption Standard with 256-bit keys)
SOC 1 (Service Organization Controls 1) reporting under SSAE 16 / ISAE 3402
Regularly scheduled penetration testing by a third-party security firm
Periodic network scanning
Granular role-based access allows tight regulation over who can access and interact with data within the platform
Public Key Infrastructure (PKI) digital signatures attribute actions taken within the platform to the identity that performed them
Audit logging: actions on objects within the platform are recorded
Data policies mitigating risk from attachments that could contain malware
System hosts (virtual instances) are deployed from known, fixed images rather than configured by hand
Automated secure code scanning adhering to Open Web Application Security Project (OWASP) guidance
Two-factor authentication available for Enterprise license users
TX-RAMP (Texas Risk and Authorization Management Program) Level 2 certification
Our systems are synchronized using a Cloud Time Sync Service to ensure accurate timekeeping and consistent log timestamps.