Security Certifications and Security Testing
From the first day, when the first line of code was written, security and availability have been top of mind for our entire team. Many members of the development and operations teams of Analog Informatics came from the cyber-security and cyber-warfare world, where we secured the largest companies in the world as well as governments and critical national infrastructure (CNI). Some of our team members hold patents and fundamental trade secrets in cyber-security and have contributed to NIST national standards in security.
We maintain Business Associate Agreements (BAA) with our vendors and favor those with SOC 2 security audits. Our primary service vendors are Amazon AWS, Google, and Microsoft. Messaging is processed through Twilio and Plivo.
All of our information is sent over secure communication channels (TLS); at rest, information is encrypted. We carry cyber-risk insurance and are audited by our insurance carrier yearly. We maintain on-site and off-site backups and can shift cloud vendors for resiliency and recovery. Our releases are audited for known vulnerabilities, and we use a third-party vulnerability scanner on our services.
Our web services code is designed for 100% parameter verification for type, size and contents. We test for injection and remote execution as well as many other vulnerabilities.
That said, we are realistic and know that we cannot protect against all potential vulnerabilities, so we maintain logs of transactions of our systems using a third-party vendor. We are constantly vigilant, looking for anomalous activity, and are ready to respond.
We are happy to work with our customers and participate in security vulnerability testing, such as scans and red/blue team exercises. Please get in touch with us at firstname.lastname@example.org to discuss your needs.
Because security is not just a point-in-time compliance issue, AIC employs CISSP-certified staff to keep constant vigil over our systems and the data that customers have entrusted to us. Our CISSP staff are constantly updated on the latest security threats and test our internal systems.
Because Analog Informatics deals with protected health information (PHI), we have stringent physical, network, and process security measures to ensure complete HIPAA compliance.
SOC 2 Pending
AICPA SOC 2 Type II is the gold standard of trust and security measures for the healthcare industry and Fortune 500 companies globally. Our systems and processes are built and operate to global enterprise security quality standards. We are working on obtaining certification.