Vodori is committed to helping our customers access Pepper Cloud in a secure manner. The following policies and procedures have been put in place to help protect customers and meet compliance requirements.
Vodori has successfully completed a SOC 2 Type 2 audit, receiving an unqualified opinion which states that Vodori’s internal controls meet the criteria for the security, availability, and confidentiality principles. This demonstrates Vodori’s commitment to our customers’ data security and privacy. To obtain a copy of this report, please contact your Customer Success Manager.
Vodori also partners with top tier, SOC 2 Type 2, ISO 27001 certified data centers for purposes of providing a high degree of availability and security for Pepper Cloud and to help protect customer data from theft, corruption, or mishandling.
Secure Transmission and Storage of Data
- Connection to the Pepper Cloud environment is via TLS cryptographic protocols to create an encrypted connection between our users and Pepper Cloud
- All data is further encrypted while in transit within the Pepper Cloud and also when persisted “at rest”
- Perimeter firewalls and edge routers block unused protocols
- Internal firewalls segregate traffic between the application and database tiers
- Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports
- Periodic scans are performed on network endpoints to report on potential configuration or vulnerability issues
- Managed intrusion detection monitors suspicious network traffic, sending alerts to our security team while blocking the traffic
- The Pepper Cloud service replicates customer data to a second datacenter on a nightly basis
- Data is transmitted across a private secured network
- Data Recovery Time Objective: 24/48 hours (standard / extended)
- All data is backed up at each data center on a daily basis
- Optional off-site backup storage is also available by request, for a fee
Internal and Third-party Testing and Assessments
- At the Vodori product and customer application level, Vodori provides tailored software validation procedures to help you comply with health care industry regulations for software quality. All Vodori products and customer applications are validated prior to public launch. Similar to our penetration testing regimen, validation procedures are built into our software development processes.
- Vodori tests all Pepper Cloud product and customer application code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party tools are used to assess software and infrastructure vulnerabilities regularly, including:
- Application vulnerability assessments
- Network vulnerability assessments
- Penetration testing and source code vulnerability review
- Security control framework
Our Information Security team monitors notifications from various sources and alerts from internal systems to identify and manage threats.
Best Practices for Customer Access
Vodori’s user management service enforces strict rules on password strength. If Vodori is instead integrating to your company’s identity management service, we recommend that our customers adopt strong user password policies as an effective way to protect your company data.
All Vodorians undergo third-party background checks and extensive vetting prior to joining the company. Additionally, all employees are required to complete ongoing security training throughout the year.
Vodori’s Pepper Cloud is hosted with industry leading data center partners who maintain ISO 27001 and SOC 2 Type II compliance. Physical access is strictly controlled both at the perimeter and at building access points by trained security staff utilizing video surveillance, intrusion detection systems, and other electronic systems. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and escorted by authorized staff.
Data center system access and data is only provided to employees and contractors who have a legitimate business need for such privileges. When a Vodori or data center employee no longer has a business need for these privileges, his or her access is revoked, even if they continue to be an employee. All physical access to data centers by employees is logged and audited routinely.
Additionally, these data center facilities provide:
Fire Detection and Suppression
Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.
The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility.
Climate and Temperature
Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels.
Our data center partners monitor electrical, mechanical, and life support systems and equipment so that any issues are identified. Preventative maintenance is performed to maintain the continued operability of equipment.
Storage Device Decommissioning
When a storage device has reached the end of its useful life, data center procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. The data center uses the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual “) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.