Security at ProviderTrust
ProviderTrust systems and applications are built on Amazon Web Services (AWS), the largest hosting provider in the United States. AWS data centers are PCI, HIPAA, ISO 27001, and HITRUST certified in addition to being FedRAMP compliant and have SOC 1, SOC 2, and SOC 3 reports available for review. Using AWS allows ProviderTrust to leverage these standards and offer our customers a service that is reliable and secure with guaranteed levels of redundancy and uptime.
Below you will find a short list of the more frequently asked security questions we receive. If you would like further details about our IT security policies, procedures, and configurations, please let us know. We will schedule a call to discuss your questions and provide additional documentation if needed.
Here are a few of the topics we frequently receive questions about.
- The applications are accessible via any web browser with username and password.
- Password complexity requirements stipulate a minimum of 10 characters consisting of numbers, upper and lower case letters, and symbols.
- Account sessions time out after 30 minutes of inactivity.
- We have the ability to run audits and reports on any data in the system.
- Reports are generated via the web portal and secured through HTTPS connectivity.
- We recommend file transfer via our SFTP server, but upload via HTTPS or Sharefile is also accepted.
- All data is encrypted at rest using AES-256 encryption.
- We have SLAs in place to ensure our service is available to you 24 hours per day, 7 days per week.
- Scheduled downtime requires 24-hour notice to customers prior to interruption.
We perform annual security penetration testing and monthly vulnerability scanning to ensure our systems are free of any exploits and configured to mitigate attacks and prevent intrusion.
Our systems team utilizes security groups, firewall restrictions, network segmentation, and many of the other advanced security features offered by AWS, combined with best-practice designs, to ensure customer data is safe and secure. We also back our services with the industry's leading insurance coverage, with a cyber liability insurance policy of over $5,000,000.
We focus on ensuring data is:
- Encrypted in transit through use of SFTP and HTTPS, and in transit using AES-256 strength file encryption.
- Protected by configurable view/edit rights that let you control which of your employees can access it.
- Always hosted on servers located within the United States.
ProviderTrust understands that ensuring data security requires more than just technical solutions, and that measures must be taken to make data security part of our company culture as well.
We cultivate security awareness through:
- Required training and education on how to identify and handle sensitive information.
- Restricting data and server administration access to only those who require it to perform their duties.
- Ongoing review, consideration, and remediation of potential issues.
Protecting our clients and keeping their data safe and secure is our top priority. We invest deeply in ensuring our security standards are best-in-class, and we are proud to be certified SOC II compliant and certified by NCQA for our processes and practices in the ways we manage, store, and interact with client data. Your organization is safe with us.