Our platforms and security infrastructure are designed to protect YOUR data and eliminate unnecessary disruptions to YOUR business. The combination of the best security technologies, regular scanning & testing, audits performed annually on our security program, and HIPAA compliance enables us to protect both you and your data. At nVoq, here is what we do to protect YOUR data...
The nVoq platform undergoes regular, rigorous independent audits in accordance with the AICPA’s SOC2 Type 2 standard, to confirm compliance and safeguarding of client data.
To ensure that the necessary security protocols are in place and function properly, nVoq undergoes a SOC2 Type 2 assessment annually, based on these four Trust Service Principles…
- Security
- Availability
- Confidentiality
- Privacy
nVoq’s HIPAA compliance is included under its SOC2 Type 2 program, so that it undergoes an independent third-party audit every year, even though having an external audit is not required by HHS.
nVoq goes above and beyond to ensure the safety, security, and privacy of your data.
Additional Security Documentation:
nVoq utilizes advanced monitoring technologies on all levels of our applications and infrastructure. This includes a status page published to the internet for customer access regarding system status and even notification. This information is also available via text or email subscription 24/7 to ensure real-time alerting and response on any issues.
nVoq relies on a multi-tiered, redundant backup strategy to help ensure recovery of archived data. Backup procedures include frequent snapshots of all critical client data to multiple media types and geographically diverse locations. We test backups regularly to ensure recovery reliability. We encrypt and securely transport offsite data backups to alternate locations.
Your confidence in our ability to manage and protect YOUR sensitive patient data is important to us. We protect our client data with powerful underlying technology and tools including:
- Data Encryption for data in Motion and at Rest
- Strong Encryption Technologies
- MFA employed strategically on our platform
- Intrusion Prevention System (IPS)
- Intrusion Detection System (IDS)
- Web Application Firewalls (WAF)
- Network Firewalls
- Virus and Malware Detection & Removal
- Penetration Testing
- Vulnerability Scanning
- Dynamic Application Security Testing (DAST)
- Static Application Security Testing (SAST)
- Software Composition Analysis (SCA)
Clients access our platform environment via encrypted TLS sessions. We encrypt sensitive customer data both during transmission and at rest using the same industry standard protocols used by modern financial institutions.
The nVoq platform is designed to allow upgrades and updates without service interruptions to maximize availability to our customers and their users. We maintain, review, and test our disaster recovery plan to be well-prepared for potential disasters. At a high level, we have plans in place to coordinate key personnel, restore critical infrastructure systems, data, application functions, and conduct post-failover validation. These plans are tested regularly. Not only do we review the results of disaster recovery testing activities, but we also update and refine our plans as needed to improve our level of preparedness.
nVoq employs AWS cloud hosting for its production and staging platforms. Each of these platforms is spread across at least 3 availability zones (i.e., separate data centers in a single region) and in the US, disaster recovery is accomplished by maintaining a copy of customer data in a separate AWS region, but US customer data is always located in US-based data centers. nVoq's Canadian platform is hosted in multiple AWS Availability Zones inside the international boundaries of Canada.
nVoq believes that protecting your critical data is worth the extra effort and so we have designed security into our platform. As just a few examples, you can require your company administrators to utilize multi-factor authentication for system log-ins, all relevant account administration activities are logged and retained, data persistence is configurable by your company administrators, strong passwords are required for all administrators. We have a program to proactively apply important patches and to rapidly patch publicly disclosed vulnerabilities. All nVoq client software access requires a unique username and password.
For more information on our compliance efforts or for answers to your security questions, please reach out to us:
ABOUT US
CompanySupport
Careers
Contact Us
Security
© 2024 nVoq Incorporated. All rights reserved.
nVoq Incorporated | 1790 38th Street | Suite 105 | Boulder, Colorado 80301 | Contact Sales 1-866-383-4502