Security Framework
Data security is central to our mission at Certilytics. We have years of experience handling healthcare records in a manner that protects patient privacy. The Certilytics Security Framework includes HIPAA compliance and relevant data security protocols to meet the highest industry standards of security and integrity.
Our framework is based on HITRUST, SOC 2 Type II, NIST CSF, elements of GDPR, and internally defined requirements derived from industry best practices, client expectations, and contractual agreements. Requirements are defined at a high level in policies established by our Security and Risk Management Committee, an information security steering committee led by our Chief Information Security Officer. These policies are then implemented in existing or new business processes through supporting documentation such as guidelines, standards, procedures, and baselines.
Regular audits are performed to ensure that the requirements are adequately implemented. To assure Certilytics clients and ourselves of the strength of our security program, we engage independent third parties to perform risk assessments, penetration tests, and social engineering testing, and to audit the Certilytics security program against industry standard frameworks, measuring compliance with SOC 2 Type II and HITRUST CSF for all product offerings. HITRUST compliance requirements are based in part on HIPAA, HITECH, and other federal and regional legislation or regulations, other security frameworks (e.g. NIST, CIS, GDPR), and industry best practices.