nference is committed to privacy protection and has policies and controls in place to safeguard the collection, use, and disclosure of information.
nference preserves data privacy using our certified best-in-class de-identification algorithm coupled with our “data under glass” approach. nference partners exercise strict control over internet-facing URLS, perimeter security, ingress/egress rules in/out of the platform and authorization into the environment.
Additionally, our Information Security Management System’s (ISMS) defense-in-depth design implements core security principles through a number of measures. Utilizing a risk-based approach, we’ve implemented and continually evaluate technical and administrative security controls that include:
- Completion of background checks on all employees and contractors,
- Maintenance of a dedicated Security Officer and team of Security analysts to provide oversight, auditing, and compliance activities,
- Provision of Security Awareness training to all employees upon hire and annually thereafter,
- Executed employee non-disclosure, confidentiality ethical practice clauses in employment contracts.
- Annual audit activities through an independent firm on all IT security and operational controls ensuring SSAE18 administered SOC 2 Type 1 and HIPAA compliance.
- CSA Star Level 1 Self-Assessment
- Internal vulnerability scans for timely remediation of critical vulnerabilities by operations teams
- Periodic external security vendor engagements to perform advanced penetration testing on our network, servers, and applications,
- Multiple levels of network security, including firewalls, intrusion detection and prevention systems (IPs)
- Automated source-code scanning to minimize risk of vulnerabilities that may be introduced early in the development lifecycle
- Anti-virus software and full disk encryption on computers to protect malicious access to corporate or customer data,
- Vulnerability Management program,
- Multi-factor authentication.