Vodori is committed to ensuring that our customers are accessing Pepper Cloud applications securely. The following policies and procedures have been put in place to help protect customers and meet compliance requirements.
Secure Transmission and Storage of Data
- Connection to the Pepper Cloud environment is via TLS cryptographic protocols ensuring that our users have a secure encrypted connection
- All data is further encrypted while in transit within the Pepper Cloud and also when persisted “at rest”
- Perimeter firewalls and edge routers block unused protocols
- Internal firewalls segregate traffic between the application and database tiers
- Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports
- A third-party service provider periodically scans the network externally and alerts on changes in baseline configuration
- Managed intrusion detection monitors suspicious network traffic, sending alerts to our security team while blocking the traffic
- The Pepper Cloud service replicates customer data to a second datacenter on a nightly basis
- Data is transmitted across a private secure network
- Data Recovery Time Objective: 24/48 hours (standard / extended)
- All data is backed up at each data center on a daily basis
- Optional off-site backup storage is also available by request, for a fee
Internal and Third-party Testing and Assessments
- At the Vodori product and customer application level, Vodori provides tailored software validation procedures to comply with health care industry regulations for software quality. All Vodori products and customer applications are validated prior to public launch. Similar to our penetration testing regimen, validation procedures are built into our software development processes.
- Vodori tests all Pepper Cloud product and customer application code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party tools are used to assess software and infrastructure vulnerabilities regularly, including:
- Application vulnerability assessments
- Network vulnerability assessments
- Penetration testing and source code vulnerability review
- Security control framework
Our Information Security team monitors notifications from various sources and alerts from internal systems to identify and manage threats.
Vodori partners with top tier, SOC 2 Type 2, ISO 27001 certified data centers to ensure the availability and security of Pepper Cloud and to protect customer data from theft, corruption, or mishandling.
Best Practices for Customer Access
Vodori’s user management service enforces strict rules on password strength. If Vodori is instead integrating with your company’s identity management service, we recommend that you adopt strong user password policies as an effective way to protect your company data.
Vodori’s products are created and supported by an exceptional team of committed professionals. All Vodorians undergo third-party background checks and extensive vetting prior to joining the company. Additionally, all employees are required to complete ongoing security training throughout the year.
Vodori’s Pepper Cloud is hosted with our trusted data center partners who maintain ISO 27001 and SOC 2 Type II compliance. Physical access is strictly controlled both at the perimeter and at building access points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic systems. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
Data center system access and information is only provided to employees and contractors who have a legitimate business need for such privileges. When a Vodori or data center employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee. All physical access to data centers by employees is logged and audited routinely.
Additionally, these data center facilities provide:
Fire Detection and Suppression
Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.
The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility.
Climate and Temperature
Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels.
We monitor electrical, mechanical, and life support systems and equipment so that any issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.
Storage Device Decommissioning
When a storage device has reached the end of its useful life, data center procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. The data center uses the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.