Trust

We are committed to maintaining the confidentiality, integrity, and availability of data entrusted to us by our clients, partners, and stakeholders.

Our cybersecurity program

We adhere to industry-recognized cybersecurity frameworks and best practices to ensure robust protection against threats and vulnerabilities.

Compliance with Standards:

Aligned with NIST Cybersecurity Framework (CSF) and CIS Controls.
Conforms to HIPAA Security Rule and HITECH Act requirements (for healthcare data).
Adheres to SOC 2 Type II controls for security, availability, and confidentiality (if applicable).

Data Protection:

All data is encrypted in transit (TLS 1.2/1.3) and at rest (AES-256).
Role-based access controls (RBAC) and least privilege principles are enforced.

Risk Management:

Annual third-party security assessments and penetration testing are conducted.
Continuous monitoring and vulnerability scanning of infrastructure.

Incident Response:

Formal incident response plan in place, tested annually.
Security events are logged and monitored via a centralized SIEM platform.

Training & Awareness:

All employees undergo mandatory cybersecurity training at onboarding and annually thereafter.
Phishing simulations and awareness campaigns are regularly conducted.

Business Continuity:

Disaster recovery and data backup procedures are tested and updated annually.

Statement of Conformance:

We certify that our cybersecurity posture is regularly assessed and meets or exceeds the applicable regulatory and contractual obligations. Documentation and audit reports can be provided under NDA upon request.