As an enterprise-level platform serving government, health care and financial clients, privacy and security compliance is a must. Because of the markets that we serve, we have put a lot of effort over the last 19 years into our compliance with the major privacy and security regulations.
These efforts are built upon three pillars:
- Administrative Safeguards
These are the policies and procedures we have in place to ensure proper employee management, training and oversight for staff who come into contact with or manage personally identifiable information (PII) and protected health information (PHI). They include providing tools to our clients to manage and limit access to PII and PHI to certain user roles and specific users within their own accounts. They also include having agreements in place with service providers that perform covered functions. These agreements, called sub-processor agreements and Business Associate Agreements (BAAs), ensure that these service providers (Business Associates) process and safeguard PII and PHI in a secure and compliant manner.
- Technical Safeguards
These include encryption at rest and in transit, firewalls, logging, encrypted data storage, business continuity, fine-grained data retention rules controlled by our clients, and more.
- Physical Safeguards
These include the use of multiple class A data centers, data redundancy, data region isolation, access to servers and more.
These pillars are covered extensively in our Data Processing Agreement.