Analog Informatics Corporation

Security Certifications and Security Testing

From the first day and the first line of code was written, security and availability were top of mind for our entire team.  Many of the development and operations teams of Analog Informatics came from the cyber-security and cyber-warfare world, where we secured the largest companies in the world as well as governments and critical national infrastructure (CNI).  Some of our team members have patents and fundamental trade secrets in cyber-security and contributed to NIST national standards in security.

We maintain Business Associate Agreements (BAA) with our vendors and favor those with SOC II security audits.  Our primary service vendors are Amazon AWS, Google, and Microsoft.  Messaging is processed through Twilio and Plivo.

All of our information is sent over secure communication channels (TLS); at rest, information is encrypted.  We carry cyber-risk insurance and our audited by our insurance carrier yearly.  We maintain on-site and off-site backups and can shift cloud vendors for resiliency and recovery.  Our releases are audited for known vulnerabilities, and we use a third-party vulnerability scanner on our services.

Our web services code is designed for 100% parameter verification for type, size and contents.  We test for injection and remote execution as well as many other vulnerabilities.

That said, we are realistic and know that we cannot protect against all potential vulnerabilities, so we maintain logs of transactions of our systems using a third-party vendor.  We are constantly vigilant, looking for anomalous activity, and are ready to respond.

We are happy to work with our customers and participate in security vulnerability testing, such as scans and red/blue team exercises.  Please get in touch with us at support@analoginfo.com to discuss your needs.

CISSP

Because security is not just a point-in-time compliance issue, AIC employs CISSP certified staff to constantly monitor our systems and the data that customers have entrusted us.  Our CISSP staff are constantly updated on the latest security threats and test our internal systems. 

HIPAA Compliant

The Health Insurance Portability and Accountability Act (HIPAA) is the security standard for protecting patient data.

Analog Informatics deals with protected health information (PHI), we have the stringent physical, network, and process security measures to ensure complete HIPAA Compliance.

SOC 2

AICPA SOC 2 Type II is the gold standard of trust and security measures for the healthcare industry and Fortune 500 companies globally. Our systems and processes are built and operate to global enterprise security quality standards.  Working on obtaining certification. 

HITRUST Pending

The HITRUST e1 CSF certification is a rigorous and comprehensive security framework that evaluates the depth of control requirements and consistency in an organization’s data systems and processes. Analog Informatics is working toward HITRUST certification. 

Want More Information?

Reach out today for more information or to schedule a free product demonstration

Contact UsSchedule Demo
Scroll to Top