Trust Center
It is all about trust Between you and us.Security & Compliance
At XpertDox, we prioritize security and compliance, which is why we have pursued a range of certifications that showcase our unwavering dedication to safeguarding our clients' information. Our comprehensive certifications span various subjects, including information security and disaster preparedness, aligning with our business philosophy to ensure our operations remain trustworthy and reliable.
Security
XpertDox offers enterprise-level security features so you can set up rigorous controls for who can access, manipulate and delete data in your databases.
Workforce Training
All team members receive training on security protocols and HIPAA compliance. We conduct monthly assessments and frequent training sessions to inform and mitigate risks from potential threats.
Access Management
We ensure that access to critical systems is valid and properly configured and periodically review access to essential systems.
Threat And Vulnerability Management
We perform quarterly penetration testing on our network and servers to ensure that access points are resilient to attacks and potential breaches.
Infrastructure Security
We identify and mitigate potential vulnerabilities through risk assessments, access controls, system monitoring, regular software updates, and policy controls.
Incident Management
We have implemented clear protocols and procedures for reporting and responding to incidents, with designated key personnel roles and responsibilities. Such events can range from cyber-attacks and data breaches to natural disasters and employee misconduct.
Application Security
We secure applications against unauthorized access, data breaches, and other attacks using code reviews, vulnerability testing, access controls, and encryption, among other measures.
Business Continuity
ISO 22301 is an internationally recognized standard for Business Continuity Management Systems (BCMS) that helps organizations ensure the continuity of their critical business functions in the event of a disruption. It provides a framework for developing, implementing, and maintaining a robust BCMS that can help organizations respond to and recover from incidents such as natural disasters, cyber-attacks, or other unexpected events. ISO 22301 provides guidance on risk assessment, business impact analysis, and the development of a Business Continuity Plan (BCP), which helps organizations minimize the impact of disruptions and ensure the smooth functioning of their critical business functions.
Compliance
Undergoes independent verification of platform security, privacy, and compliance controls. Our strong and growing focus on standards and compliance will help you meet your regulatory and policy objectives.
XpertDox's ISO 22301:2019 certification is a result of an independent third party audit, which examines the organization's controls and preparedness in the event of unexpected and disruptive incidents. With this certification, XpertDox is business-continuity certified. This means that our client data and workflows are protected from unforeseeable events, such as a natural disaster.
XpertDox users' data and underlying systems are fully isolated from other users. Database resources are associated with a user group, which is contained in its own Virtual Private Cloud (VPC). Access must be granted by IP access lists, VPC peering, or private endpoints.
XpertDox System and Organization Controls (SOC) Reports are the result of independent third-party audits that examine how XpertDox achieves key compliance controls and objectives. The XpertDox SOC 2 Security Type I report will help you and your auditors understand the XpertDox controls established to support data security, availability, confidentiality, privacy, and more.
For organizations in healthcare and related fields subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), XpertDox Cloud is HIPAA-ready and enables covered entities and their business associates to use a secure cloud database environment to process, maintain, and store protected health information (PHI).
Data Privacy and Management
Data privacy and management are essential steps for maintaining customer trust and protecting sensitive information from cyber threats and data breaches. By implementing effective data privacy and management practices, we can safeguard our reputation, reduce our risk of liability, and demonstrate our commitment to protecting the privacy and security of our customers' data.