DATA SECURITY

When it comes to data, we leave no stone unturned in ensuring its security. Red Road is HIPAA and GDPR compliant. We are also SOC2 Type 1 Certified and in the process of getting the SOC2 Type 2 Certification.

Based on the above Data Security requirements, the following are some of the best practice controls that Red Road adheres to:

DATA SECURITY
  • Employees access Protected Health Information (PHI) via encrypted connection. High security firewalls restrict the movement of information.
  • Encryption of stored data and data in transit, with laptops and desktops encrypted as well as emails containing PHI/PII. Endpoints protected with anti-virus technology.
  • Restricted access to Internet, limited to job function. A separate network available on separate computers for Internet access unrelated to job function.
  • Restricted access to emails. No emails are allowed to go out to any domain unless it is the customer domain or is part of the whitelisted domains.
  • Protection against viruses and malware.
  • Each managed network perimeter monitored for unauthorized access. Incident Response procedures in place to monitor for significant security events.
PHYSICAL SECURITY
  • Segregation of the production floor to create a separate “Protected Zone” called the “PHI/PII Zone” with additional physical and technical controls including no smartphones or recording devices allowed in the Zone.
  • A Security Guard deployed outside the entry gate of the PHI Zone.
  • Secured area with badge access. Each employee given an access card with defined and controlled access limited to their job function.
  • Access to the PHI Zone is controlled/restricted through access cards given to each employee.
  • Video recording of each employee in the PHI/PII Zone as well as recording of each employee’s desktop.
  • The entire facility monitored real-time by a security guard 24/7/365. Should incidents occur (e.g. tail-gating through a badged access point) the security guard sends video proof to the compliance officer for appropriate action. Recordings are stored at a different location, for future reference.
  • Complex passwords are mandated for each user's login ID. Regular password changes are also enforced.
  • No employees with access to PHI/PII allowed to work from home unless the client directs this to be done.
TRAINING
  • Regular security awareness and job-specific HIPAA privacy and security training programs given to employees.
  • A dedicated on-site HIPAA compliance officer.
  • All employees trained in HIPAA compliance, privacy and security upon hire.
  • HIPAA compliance, privacy and security posters are found throughout all locations.
  • A sanction policy in place at all locations for any HIPAA-related violations or violations of the Company policies.
BACKGROUND CHECKS
  • Background checks completed for all new employees.
  • New employees are given access privileges depending on the work that they are assigned to.
  • All new employees receive privacy and confidentiality training and sign a confidentiality agreement.
  • Regular audits of HIPAA compliance solutions programs, with corrective plans formulated to address any violation of compliance that is observed.

Please reach out to us at info@redroad.in if you need to understand more about our data security protocols.