Security


Apervita has an all-encompassing security and privacy management process that covers software, data center, testing, procedures, and training. A brief summary is provided below:

Software

  • Apervita has a documented Software Quality Plan and release process to ensure the highest possible quality of software is deployed on our production servers.
  • Consistent periodic penetration testing.
  • Agile development process, thousands of automated tests, and a full security review of each release.

Platform

  • Organizations can administer and govern access to all their assets.
  • Workspaces are owned and controlled by the accounts owners.
  • The intellectual property created in platform Workspaces is only available to the account administrators and their delegated users.

Marketplace

  • Analytic and data authors may keep their source intellectual property private - users cannot access the source script.

Data Center

  • All data, including PHI, is encrypted at rest.
  • All data transfers, including PHI, is encrypted during transfer.
  • Single-tenant, dedicated servers and network.
  • Intrusion detection system (IDS) constantly monitoring the platform.
  • Hosting providers have numerous certifications. SOC 2/3 reports can be made available if required.

Certifications

  • HIPAA compliant; annual audit from a HIPAA consultant.
  • Certified accreditation to ISO/IEC 27001 Information Security Management standard since 2013 with periodic external audit.
  • Apervita has a full suite of Information Security policies, procedures and records. 

Training

  • Annual mandatory Information Security training for every employee.
  • Annual mandatory HIPAA training for every employee.

 

 

Back to top