Security and Compliance
Aestiva is HIPAA and NIST compliant and supplements that with additional
policies to achieve the highest levels of security. Here are some of the security measures we take.
Aestiva provides its customers login security options such as multi-factor authentication and IP access controls. We also want you to be secure. As a small example, we recommend you integrate with your company's login authentication protocol (if you have one) to keep a consistent security infrastructure.
Aestiva regularly looks at security industry reports and updates its data center infrastructure in response to threats.
The Human Factor
Most security breaches are from in-house staff. Aestiva restricts access to its data center and customer applications to a limited number of staff.
Aestiva also builds security and compliance capabilities into its platforms. As an example, Aestiva's sequential workflows abide by Sarbanes-Oxley compliance rules unless the administrator opts to bypass the restrictions. From access controls, to separation of duty, to the setup of private information, we give you the tools and help you need to meet your compliance requirements.
As an additional precaution, Aestiva staff are not authorized to handle ePHI, Confidential Information, and Private Information on their own equipment. Such information must be stored on Aestiva's secure platforms or through a special secure channel. Call for details.
Aestiva Dev Security
Aestiva does not use popular dev tools nor allow code to be transported to external sites such as GitHub. Instead, Aestiva staff use Aestiva's HTML/OS coding language which features built-in security. The built-in security removes the requirement for coders to be security experts and blocks them from accidentally creating security breaches.
For further information about Dev security, see the Aestiva Dev Security page.
Random Testing
As a matter of policy, Aestiva welcomes customers to perform their own penetration testing of Aestiva systems. No need to inform us.