information Security
Security Risk & Compliance Overview
Information Security
Rapid Medical encrypts and protects sensitive information across the transformation and analysis process.
Data in Transit TLS encryption for all data exchanged. Additional security is available for dedicated VPN connections between the customer and Rapid Medical.
Data at Rest – AES 256-bit encryption.
Access Management & Authentication
Rapid Medical’s platform provides full control of access to all hosted information.
Account Authentication: Username and password.
Password Policies: Required strength factors (minimum characters, required numbers and special characters, common passwords rejected), salted and hashed password storage, and password resets.
Granular Access Control and Review: Role-based access, visibility and user access rights. Regular access review and analysis.
Audit and Access Logging: Detailed tracking and audit logging of all activities related to the application environment and administrative activity.
Software Development Practices
Security processes and have been fully integrated into the Rapid Medical software development processes. Developers receive training that focuses on OWASP specific guidelines. In addition, processes are setup to allow for separation of duties and segmentation of platforms with dev, staging, and production.
OWASP based security controls design
Separation between dev, staging, and prod
Use of test data in development environment
Code peer review
Penetration testing
Code repository controls
Threat modeling
Deployment controls
Infrastructure Security
Rapid Medical leverages Amazon Web Services (AWS). We utilize hardening practices from the Center for Internet Security (CIS) Benchmarks for the platform configuration. Rapid Medical can make available all standards, AWS certifications and accreditations along with physical security controls.
Company Policies and Procedures
Rapid Medical security, risk, and compliance processes were developed based on industry best practices and are reviewed and updated on an annual basis or upon any significant change.
Security Policies and Training – All employees go through required training upon hire and must recertify on an annual basis. Policies include:
Access Control
Business Continuity
Disaster Recovery
Cryptographic Controls
Data Management
Human Resources Security
Information Security
Operations Security
Physical Security
Risk Management
Third-Party Risk Management
Platform Security – On-going security activities, including:
Network intrusion detection
Code vulnerability scanning
Penetration testing
System, network, application log analysis, reporting, and retention
Incident Response Planning & Team in place to handle any significant security event to triage and respond to establish system resiliency, minimize impact, and protect customer data.
Regular Third-Party Security Review that identifies and evaluates security risks of vendors and third parties.
Standards and Certification
Rapid Medical is committed to establishing and maintaining compliance with key information security and regulatory standards, including:
Service Organization Control (SOC) 2
CSA Controls Matrix
Rapid Medical and third-party certification and verification reports are available for limited distribution and shared under non-disclosure agreements.
Helpful Links
CSA Security Standards - https://cloudsecurityalliance.org/star/
AWS Risk and Compliance - https://aws.amazon.com/compliance/programs/
Rapid Medical Privacy Policy - https://www.gorapidmedical.com/privacy-policy