Compliance
Serent protects your data with industry-leading continuous compliance monitoring because your privacy is our priority. We treat all healthcare data with the utmost care and respect, adhering to strict compliance standards.

Our HIPAA compliance is designed to assess Serent’s risk management and regulatory compliance. It includes evaluation of administrative, physical, and technical safeguards related to electronic protected health information (ePHI) an organization creates, receives, processes, maintains, and/or transmits.
Our SOC 2 Type II compliance is designed for service providers storing customer data in the cloud. SOC 2 requires companies to follow strict information security policies and procedures, encompassing the security, availability, processing integrity, and confidentiality of customer data.
Security
We follow a holistic approach to ensuring the security of your data.
Serent’s systems drive excellence in security and compliance across all aspects of the organization.
Infrastructure Security
- We maintain our service infrastructure
- Our production servers are maintained by GCP, and we regularly review attestation reports and perform risk analyses
- Multi-factor authentication (MFA) is enforced on all systems
Internal Security
- Processed access requests as required
- Restricted production deployment access
- Enforced change management procedures
- Established a configuration management system
- Established third-party agreements
- Reviewed system capacity
Organizational Security
- All endpoints are encrypted
- Password policy is enforced
- Security training and advisory
- Contractors sign Confidentiality Agreements and BAAs
- Production inventory is maintained
- Employees acknowledge Confidentiality Agreements
Product & Application Security
- Data is encrypted both at rest and in transit
- Vulnerability and system monitoring procedures have been established
- We leverage secure coding practices and security testing throughout the DLC to prevent vulnerabilities