Security

Attane Health maintains a robust and comprehensive information security policy to comply with its regulatory and business requirements and ensure that all user information is secured and protected. The following information describes how Attane Health’s information security policy safeguards sensitive and confidential data stored, accessed, or transmitted through the platform.

Our Information Security Program follows the criteria set forth by the SOC 2 Framework. SOC 2 is a widely recognized information security auditing procedure created by the American Institute of Certified Public Accountants (AICPA).

By adhering to the SOC 2 Framework, Attane Health demonstrates its commitment to maintaining a high level of information security and protecting the confidentiality, integrity, and availability of customer data. SOC 2 compliance involves an independent audit conducted by a third-party auditor to verify that Attane Health’s security controls meet the requirements of the SOC 2 Framework.

Risk Assessment

Attane Health conducts an annual risk assessment program to identify potential threats and vulnerabilities to its systems and services.
This program involves a thorough analysis of security risks, including internal and external threats such as unauthorized access, data breaches, and cyberattacks.
The risk assessment helps prioritize security measures and allocate resources effectively.

Confidentiality Agreements for Employees

All employees of Attane Health are required to read and accept a confidentiality agreement.

This agreement prohibits the disclosure of company data to unauthorized individuals or entities.
Employees are made aware of their responsibilities in protecting sensitive information and the consequences of violating the confidentiality agreement.

Strict Access Control Measures

Attane Health implements strict access control measures to restrict private information to privileged users with assigned responsibilities.

Access to sensitive data is granted on a need-to-know basis, ensuring that only authorized personnel can view or modify confidential information.
Multi-factor authentication and role-based access controls are employed to further enhance security.

Data Handling, Retention, and Disposal Program

Attane Health has established a comprehensive data handling, retention, and disposal program to manage information in accordance with applicable laws, regulations, and industry standards.
This program defines clear guidelines for the storage, retention, and disposal of confidential data.
Confidential data is retained only for as long as necessary to meet legal and contractual obligations, after which it is securely disposed of.

Network Segmentation for Cloud Environments

To enhance security in cloud environments, Attane Health employs network segmentation.

This involves isolating critical systems and networks from external connections, preventing direct or unauthorized access from the internet.
Network segmentation helps protect sensitive data from cyberattacks and unauthorized intrusion attempts.

Vulnerability Management Program

Attane Health has implemented a robust vulnerability management program to ensure the confidentiality, integrity, and availability of its information systems.
This program includes regular vulnerability assessments and patching of identified vulnerabilities.
The program also includes continuous monitoring for security threats and vulnerabilities.

Independent Third-Party Penetration Tests

In addition to internal security measures, Attane Health engages independent third-party penetration testers to conduct annual penetration tests on critical systems.
These tests simulate real-world attacks to identify potential vulnerabilities that may be exploited by malicious actors.
The findings from these tests are used to strengthen security measures and mitigate identified risks.

If you have any questions or concerns or if you wish to report a potential security issue, please contact infosec@attane.health.com