Usage Terms
Overview
Defines guidelines for using our services, ensuring compliance & protecting both parties.
DPA (Data Processing Agreement)
Outlines how data is processed, ensuring compliance with privacy regulations and safeguarding client data.
Privacy Policy
Details how we collect, use & protect your personal information for transparency & compliance.
Cookies Policy
Explains our use of cookies to enhance user experience, data collection and usage.
Our Controls
Each implemented control is listed below with a one-line summary of its objective and its benefit to clients or prospects:
People Controls
Identity Verification
Ensures verified and trusted personnel, enhancing security and reducing risk.
Background Checks
Provides confidence that all staff have been thoroughly vetted for trustworthiness.
Legal Contractual Bindings in the Country of Origin
Guarantees adherence to local legal standards, ensuring compliance and security.
Coordination Assistance / Dedicated Accounts Manager
Streamlines communication, ensuring smooth operations and personalized support.
Payment Protection (as per contract)
Safeguards financial transactions, providing peace of mind with secure payment terms.
HR Training for Enhancement of Cyber Hygiene
Enhances staff awareness, ensuring high standards of cybersecurity and data protection.
Physical Controls
Dedicated – Fully Equipped Workspace
Ensures a professional and secure environment for remote work, fostering productivity.
Power/Network Backups
Minimizes downtime, ensuring continuity in case of power or network failures.
24/7 Surveillance and On-site Security
Enhances physical security, safeguarding facilities and equipment around the clock.
Tiered Access Control
Restricts physical access to sensitive areas, ensuring protection from unauthorized access.
Environmental Hazards Protection
Mitigates risks from environmental threats, ensuring a safe and secure work environment.
Technological Controls
Cloud and Application Security
Secures cloud infrastructure and applications, protecting client data from threats.
Single Sign-On
Simplifies and secures user access, improving ease of use and reducing security risks.
Multi-Factor Authentication
Strengthens security by requiring multiple forms of verification for system access.
Role-Based Access Control
Limits access based on roles, ensuring sensitive data is only available to authorized users.
Secure Tenant Segregation
Ensures data isolation in multi-tenant environments, preventing unauthorized access.
Password Management Implementation
Secures credentials, reducing the risk of unauthorized access due to weak or reused passwords.
Secure Software Development Lifecycle
Change Management
Minimizes disruption and security risks by controlling and tracking system changes.
Security By Design Architecture
Incorporates security measures from the start, ensuring secure systems by default.
Code Reviews
Ensures software integrity and security by identifying and resolving potential vulnerabilities early.
Vulnerability and Patch Management
Keeps systems secure by proactively identifying and addressing vulnerabilities.
Vulnerability Assessment and Penetration Testing Programs
Identifies weaknesses in systems to prevent potential attacks and breaches.
Web Application Firewall
Protects web applications from malicious traffic, enhancing cybersecurity.
Intrusion Detection and Prevention System (IDS/IPS)
Monitors and blocks unauthorized access attempts, preventing potential threats.
Responsible Disclosure (Internal and External)
Promotes transparency and prompt resolution of security vulnerabilities through responsible reporting.
Security Audit and Risk Assessment
Provides comprehensive insights into security posture, ensuring vulnerabilities are identified and addressed.
Data Controls
Managed Backups with Recurring Verifications
Ensures data is securely backed up and can be quickly restored, minimizing potential data loss.
Encryption at Rest
Protects stored data, ensuring it is encrypted and secure from unauthorized access.
Encryption in Transit
Safeguards data during transmission, ensuring privacy and protection from interception.
Secure Data Sharing
Ensures safe and compliant sharing of sensitive data with authorized parties only.
Network Security
Secures networks from unauthorized access, ensuring safe communication and data transfers.
Web Filtering
Prevents access to malicious sites, enhancing security and reducing risks.
Host-Based and Tiered Network Firewall
Secures networks and endpoints from external threats, maintaining a strong defense perimeter.
Zero-Trust VPN
Ensures secure access to networks, requiring verification at every access point.
Endpoint Security
Endpoint Detection and Response (EDR)
Detects and responds to potential threats at the endpoint level, minimizing risk.
Anti-Virus/Anti-Malware Protection
Protects devices from malware and viruses, preventing data compromise and disruptions.
Full Disk Encryption
Ensures all stored data is encrypted, protecting it in case of device theft or loss.
Mobile Device Management
Secures mobile devices, ensuring compliance and safeguarding sensitive data on the go.
CIS Benchmark-Based Hardening
Implements industry standards to securely configure systems, reducing vulnerabilities.
Secure Disposal of Hardware and Media
Ensures proper destruction of sensitive data when hardware or media is no longer needed.
Cloud Infrastructure
Our Cloud Platform
We leverage Amazon Web Services’ secure and scalable cloud infrastructure to protect client data.
Business Continuity and Disaster Recovery Plans
Ensures rapid recovery and minimal disruption in case of unforeseen events or disasters.
Multi-Environment with Isolated Production Environment
Enhances security and performance by isolating production environments from other systems.
Security Operations Center
Security Information and Event Management (SIEM) Implementation
Provides real-time monitoring and threat detection, enabling proactive security management.
Enhanced Metrics Capture and Logging
Improves visibility into system activity, helping identify and respond to security incidents.
24/7 Monitoring
Ensures continuous oversight of systems, identifying and responding to threats at all times.
Information Security Incident Response Management and Plan
Establishes a clear protocol for managing and resolving security incidents efficiently.
Performance Monitoring
Tracks system performance to identify and address issues before they affect security.
HIPAA Controls
Business Associate Agreements
Ensures compliance with HIPAA by setting clear data handling expectations with partners.
ePHI Handling Policy for Users and Facilities
Protects electronic patient information by ensuring proper handling, storage, and access control.