Security Policy

Our comprehensive security framework protecting your healthcare data with enterprise-grade controls

Core Security Principles

Built on industry best practices and federal security standards

Defense in Depth

Multiple layers of security controls to protect against various threat vectors

Zero Trust Architecture

Never trust, always verify - continuous authentication and authorization

Least Privilege Access

Users and systems have only the minimum access required for their role

Continuous Monitoring

24/7 security monitoring with automated threat detection and response

Technical Security Controls

Comprehensive protection across all layers of our platform

Data Protection

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • Customer-managed encryption keys
  • Secure key management with AWS KMS
  • Data loss prevention (DLP) policies
  • Automated data classification

Access Control

  • Multi-factor authentication (MFA) required
  • Single Sign-On (SSO) with SAML 2.0
  • Role-based access control (RBAC)
  • Privileged access management (PAM)
  • Regular access reviews and recertification
  • Automated de-provisioning

Network Security

  • AWS GovCloud isolated infrastructure
  • Virtual Private Cloud (VPC) isolation
  • Web Application Firewall (WAF)
  • DDoS protection
  • Intrusion detection and prevention
  • Network segmentation

Application Security

  • Secure development lifecycle (SDLC)
  • Static and dynamic code analysis
  • Dependency vulnerability scanning
  • Container security scanning
  • API security with rate limiting
  • Input validation and sanitization

Incident Response Process

Rapid response to minimize impact and protect your data

  • Detection (< 5 minutes): Automated monitoring and alerting systems identify potential security incidents
  • Assessment (< 30 minutes): Security team evaluates the severity and scope of the incident
  • Containment (< 1 hour): Immediate actions taken to prevent further damage or data exposure
  • Remediation (< 24 hours): Root cause analysis and implementation of fixes
  • Recovery (varies): Systems restored to normal operation with enhanced protections
  • Lessons Learned (< 7 days): Post-incident review and security control improvements

Compliance & Certifications

Federal Standards

  • FISMA Moderate
  • FedRAMP Ready
  • NIST 800-53 Controls
  • FIPS 140-2 Encryption

Healthcare Standards

  • HIPAA Compliant
  • HITECH Act
  • SOC 2 Type II
  • ISO 27001 (In Progress)

Security Updates & Patches

We maintain a proactive approach to security updates:

  • Critical security patches applied within 24 hours
  • Regular vulnerability assessments and penetration testing
  • Automated dependency scanning and updates
  • Monthly security review and hardening

Responsible Disclosure Program

We appreciate the security research community's efforts in helping us maintain the security of our platform. If you discover a vulnerability, please report it responsibly.

Report security vulnerabilities to: security@peregrinetec.com

We commit to acknowledging receipt within 48 hours and working with you to understand and resolve the issue promptly.

Security Questions?

Our security team is here to address your concerns