AutoVitals has software industry-standard policies and procedures in place to protect and monitor our cloud-based systems and hosted data. We follow standard SDLC and Change Management practices regarding our design, development, and deployments with appropriate security controls, including those to protect endpoints, servers, networks access, and other assets from malware. All systems, internal and external, are using SSL. Controls are in place to restrict logical access to systems and information to authorized parties only, and only approved for business purposes; all access to our internal systems require VPN. All applications and infrastructure are designed, developed, deployed, and configured such that tenant user access and intra-tenant access is appropriately segmented, segregated, monitored, and restricted from other tenants.
Vulnerability remediation is prioritized using a risk-based model from an industry-recognized framework and controls are in place to monitor our data center 24x7x365. Monitoring is provided through ArmorPoint, who is SOC II Type 2, HIPAA, and HiTech Compliant. We have policies, standards, and procedures in place for identifying and managing supply chain risks including coalition scans and performance tests against our systems, regularly, from outside our hosted network.
Each AutoVitals client owns their data as stated in our Terms available at https://autovitals.com/terms and we do not store sensitive data such as credit card payment information or Social Security Numbers (SSN).
For more information, please contact the AutoVitals Product Team at pm@autovitals.com