Inovaare is committed towards safeguarding information through rigorous high-standards information security and compliance processes. The information security team is comprised of highly qualified professionals who focus on appropriate risk-management and other requirements including: business continuity, information security, and compliance with privacy regulations, standards and frameworks.
Our security programs include the implementation of a proactive and robust information security plan to protect information assets. Inovaare is an ISO 27001:2013-certified organization, which confirms our commitment towards the security and privacy of customer data.
Inovaare considers information security management to be a key domain and invests appropriately in implementing strong information security management system and controls. The information security program at Inovaare is led by the Information Security Officer (ISO), who is assisted by a dedicated team of security professionals.
To ensure a minimum baseline standard for information security across the organization, Inovaare has adopted an ISO 27001:2013 framework and is certified by qualified external and independent assessors. Internal information security audits are conducted that cover: information and pertaining assets; cloud and infrastructure security; personnel security; physical and environmental security; business continuity; change management; and incident management. These audits are compliant with contractual as well as regulatory (e.g., HIPAA, HITECH, etc.) obligations.
Below are some of the highlights of our information security practices:
- Regular and detailed vulnerability assessments and penetration tests
- Malware protection, intrusion prevention/detection systems
- Hosting partners are chosen for infrastructure and data hosting based on certifications and compliance standards including, but not limited to, ISO 27001, HITRUST and SOC2
- Enforcement of requirements and guidelines from HIPAA/HITECH, ISO 27001, HITRUST, NIST, etc. into our solutions, services, processes, policies and procedures
Inovaare hosts its offered solutions and services on world-class data centers in the United States. These data centers are SOC2 accredited. Hosting service providers are also responsible for physical and environmental safety of our systems hosted with them. Access to Inovaare’s assets is limited to Inovaare’s authorized personnel only.
Data security is essential in healthcare and Inovaare has its clients covered. Its qualified and certified IT security experts manage data security to keep up to date pertaining to latest global threats and risks. Inovaare performs internal and external assessments to ensure that all necessary elements are checked—from an information security perspective—as well as to make sure data is always secured.
Inovaare’s information security objectives are amalgamated into cross-cloud platforms where its software-as-a-service (SaaS) solutions reside. This way, Inovaare ensures it delivers consistently reliable solutions with high uptime, uninterrupted availability and ironclad data security.
Data Backup and Recovery Policies
Inovaare has a well-defined process for taking regular backups to ensure the availability of data during unforeseen disastrous events. All critical information, including personal health information (PHI), is stored in an encrypted format to avoid unauthorized access. Organizational policies are developed to ensure CIA requirements of PHI are being maintained. A disaster recovery process is implemented to have minimal RPO and RTO.
Network and Application Security
All our solutions are hosted behind secured firewalls that are configured to block incoming traffic by default. Ongoing monitoring of the network and infrastructure is in place and we have enforced stringent password policies to sustain secured logins. Our solutions support SSO to have enhanced security and access control.
Inovaare employs strong encryption and hashing for all our solutions wherever appropriate. We use strong ciphers for data access. Per customer requirement, we can configure IPSec tunnels and whitelisting for limited and secured access. Access to Inovaare’s assets is secured and integrated with multifactor authentication to ensure appropriate access and for secured session management.
Recognizing the importance of protecting the privacy and integrity of PHI, Inovaare has developed organizational security policies and procedures to be in compliance with HIPAA requirements. Inovaare’s information security team—led by its Information Security Officer—coordinates, monitors and maintains the compliance plan.
A confidentiality agreement is signed by all employees at the time of joining the organization and employees are aware that there will be sanctions imposed for any security violation. At regular intervals, Inovaare conducts HIPAA compliance and information-security training programs for all its employees. This further ensures awareness and ethical work standards. By adopting the best practices approach to privacy and security, we are committed to delivering solutions and products which meet the requirements of HIPAA/HITECH.
For any queries, comments, complaints or requests pertaining to Information security and privacy, please reach out to our Information Security Officer, Deepak Matham, at:firstname.lastname@example.org