Apervita has an all-encompassing security and privacy management process that covers software, data center, testing, procedures, and training. A brief summary is provided below:
- Apervita has a documented Software Quality Plan and release process to ensure the highest possible quality of software is deployed on our production servers.
- Consistent periodic penetration testing.
- Agile development process, thousands of automated tests, and a full security review of each release.
- Organizations can administer and govern access to all their assets.
- Workspaces are owned and controlled by the accounts owners.
- The intellectual property created in platform Workspaces is only available to the account administrators and their delegated users.
- Analytic and data authors may keep their source intellectual property private - users cannot access the source script.
- All data, including PHI, is encrypted at rest.
- All data transfers, including PHI, is encrypted during transfer.
- Single-tenant, dedicated servers and network.
- Intrusion detection system (IDS) constantly monitoring the platform.
- Hosting providers have numerous certifications. SOC 2/3 reports can be made available if required.
- HIPAA compliant; annual audit from a HIPAA consultant.
- Certified accreditation to ISO/IEC 27001 Information Security Management standard since 2013 with periodic external audit.
- Apervita has a full suite of Information Security policies, procedures and records.
- Annual mandatory Information Security training for every employee.
- Annual mandatory HIPAA training for every employee.