Bringing you enterprise-grade security and privacy through people, platform and process

It starts with smart people.

  • 100% use of AWS WorkSpaces controls the user environment
  • vCISO/InfoSec experts on staff for consultation
  • Continual security education, awareness, and testing
  • Disciplined digital human hygiene
  • Purposeful and transparent actions
  • Full accountability for data access and privacy

Protected platform

  • Confidentiality, integrity, and availability verified by SOC 2 certification
  • HIPAA-compliant AES data encryption
  • AWS Elastic Compute Cloud access enforced by IAM
  • Shared security model including firewall, security group, application load balancer, and anti-malware
  • Continuous logging, vulnerability management, backup imaging, and IDS/IPS

Annual SOC 2 Type II certification

We are happy to report that we achieved SOC 2 Type II certification, the most rigorous security protocol available, proving that our platform and team can stand up to stringent testing. We are committed to keeping our clients’ sensitive data secure in the cloud and during data transfers.

Process tested

  • Process integrity validated by external auditor
  • Security embedded in the DevOps lifecycle
  • CIS best practices incorporated in SecOps
  • Governance program aligned with NIST SP 800 Series
  • Automated provisioning, deployment, and shutdown ensure security compliance
  • Security processes overseen by IT Steering Committee
  • Integrated provisioning, deployment, and shutdown ensure security policy compliance
  • Rigid vendor & supply chain risk management


HIPAA compliant

RazorMetrics is committed to, and has implemented, the safeguards required to ensure its systems and services comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HHS HIPAA Privacy Rule, and the HIPAA Security Rule.

RazorMetrics operates administrative, physical, and technical controls to protect electronic Protected Health Information (ePHI) and demonstrates the continual operation of these controls through our annual SOC 2 Type II (including Privacy) certification.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) assures that employees’ and customers’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality healthcare and protect the individual’s health and well-being. Medical information on individual members is treated confidentially.

RazorMetrics takes special precautions to protect such information from inappropriate disclosure. Managers and other employees are responsible for respecting and maintaining the confidentiality of all medical information. Anyone inappropriately disclosing such information is subject to corrective action, up to and including termination.

RazorMetrics employees and contractors complete the HIPAA training and standards course every two (2) years.

Prioritizing privacy

Every person on staff completes HIPAA and health information training courses through Inspired eLearning and the MLN Network. We have a documented monitoring protocol that supports the detection and prevention of fraud, waste, and abuse.

RazorMetrics’ policies on standards of conduct are documented for our SOC 2 Type II certification. They articulate our commitment to comply with all applicable federal and state regulations and give all employees guidance on how to report and manage suspected, detected, or reported compliance issues.

RazorMetrics conducts background checks of every employee through our background check vendor, Goodhire.

We have a rigorous vendor approval and monitoring process in place as part of our SOC 2 Type II compliance program. Each vendor must meet a comprehensive list of requirements set by SOC 2, which also mirror the requirements in our client and partner contracts.

View our full privacy policy