Information & Data Security
Assivo takes the security of our customers data very seriously and has made protection of all customer data/information a top priority for our organization. We implement a layered approach to information/data security to ensure compliance with regulatory/customer requirements and best practices. The information provided here is meant to provide an overview of our security policies and approaches. If you would like additional detail on our security policies and controls, please contact us.
Assivo adheres to the “least privileged” access policy. We only allow authorized staff to access data that is required to perform their job function. We further require multifactor authentication of all employees in order to gain access to any of our corporate systems. We have centralized all access control so that we can audit and monitor all access to our systems. This also ensures that we can remove access for all systems quickly and efficiently if an account is suspected of being compromised or is no longer required.
All data “in-motion” and “at-rest” is fully encrypted according to regulatory requirements and industry best practices.
Logging and Security Monitoring
Assivo constantly monitors systems activity to detect and prevent intrusion of our network and systems. In addition, all configuration changes are closely monitored to ensure that our systems adhere to our hardening standards. All events are logged to enable Assivo to perform forensic analysis of attacks and to identify anomalies to be alerted to potential security incidents.
Assivo regularly performs both internal and external vulnerability tests to assess necessary enhancements to our systems and network to address evolving security threats.
Security Policies and Controls
Assivo maintains and regularly updates its information security policies and ensures enforcement of its policies with both technical and operational controls. Our policies adhere to both regulatory and industry best practice standards.
All Assivo staff and employees are required to receive training on privacy and security policies and are required to sign an agreement that they will adhere to our policies.