We empower more than 250 organizations to become more resilient & mindful, and keeping your trust in our system and processes is the heart of this effort.

 

ISO/IEC 27001:2013 CERTIFICATE

ISO/IEC 27001:2013 is an industry standard certification that specifies security management best practices and comprehensive security controls. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS).

Silver Oak Health is an ISO 27001:2013 certified company. The implementation of this standard was audited by the world’s leading auditing firm, SGS.

 
 

ENTERPRISE GRADE SECURITY

Security and privacy are at the center of how we continue to enhance customer trust. We at Silver Oak Health continuously invest in the confidentiality, integrity, availability and security of the data we handle and process. We have developed a comprehensive set of practices and policies to earn and keep your trust in us.

 

DATA SECURITY

Encryption

Confidential data at rest is encrypted using AES-256, and data in transit is encrypted using TLS 1.2.

 

Virtual Private Cloud

We use VPCs on AWS for increased security. Connections outside of the VPC are allowed only on selected ports and restricted IPs.

Endpoint Security

All Silver Oak Health laptops are managed with enterprise device management and endpoint protection software.

Access Control

Role-based access controls are in place that enforce segregation of duties. The minimum permissions needed are granted on a need-to-know basis. Access controls are reviewed on a frequent basis.

 

DEVELOPMENT SECURITY

 

Version Control

Source code is managed centrally using Atlassian Bitbucket. Records are maintained for code changes, and the trail of code check-ins and check-outs is automatically tracked.

Penetration Testing

Independent penetration testing and automated testing are conducted as part of our secure development practices to enable the identification and mitigation of vulnerabilities.

Code Review

All changes in the code are reviewed based upon the established coding standards and best practices.

Role-based access control

Access to production is restricted to a very limited set of users based on job roles. The production environment is accessed only through the management plane, using whitelisted IPs.

 

ARCHITECTURE SECURITY

Data Backup

Cloud backups are taken daily. Backups are stored in a different availability zone on a monthly basis.

AWS

Our fully AWS-based architecture ensures resiliency and high availability for the product and data.

Load Balancing

Application traffic is automatically distributed across multiple availability zones, which supports high availability, auto scaling and robust security.

 

PEOPLE SECURITY

 

Background Verification

Silver Oak Health has contracted an external agency to perform a background check for all its employees. Background checks include identity checks, education checks and previous employment verification.

Non Disclosure Agreements

Silver Oak Health requires all full-time employees as well as contractors to acknowledge and countersign Non-Disclosure Agreements.

Regular Trainings

The Silver Oak Health Information Security team conducts a mandatory security awareness and training program for all Silver Oak Health employees. Additionally, we promote a culture of security awareness through periodic communications from senior management with employees.