Participants in ProofPilot studies join to learn about themselves, earn rewards, and contribute to the societal good. In doing so, they are sharing some of their most intimate details. Our customers need the results of these studies to make decisions that affect lives. Trust is essential.
Therefore, at ProofPilot, security isn’t just checking off boxes to meet regulatory requirements and review expectations. It’s about creating an operational, physical and cultural environment that protects the trust. For us, trust has four broad categories:
- Security: ProofPilot maintains a culture of security that mitigates threats and closes weaknesses using IT and cultural best practices.
- Privacy & Confidentiality: ProofPilot takes a private and confidential first approach. Personally, identifiable data is a last resort only.
- Ethics: In addition to quarterly security reviews, every study on ProofPilot undergoes an ethical review process by a third party organization. This review puts our trust tenants continually under the microscope. Are we treating participants with respect? Do they understand the risks and benefits of participation? Are we protecting their privacy and confidentiality?
- Ease of Use: All ethical and security procedures must be balanced against user acceptability. We consider and design every security and ethical procedure to ensure they don’t create unnecessary barriers to access for the precise people we want to engage.
Security Organization & Program
Building trust through security, privacy and ethics is a key priority for everyone at ProofPilot. The leadership of this program comes straight from the top with CEO Matthew Amsden acting as the security officer, with the support of Ernesto Vargas, Systems Administrator. As a small multi-disciplinary team, with this leadership, security is a regular conversation in every aspect of the company and its products.
Our security program includes the components of:
- Policies and Procedures
- Asset Management
- Access Management
- Cryptography and Encryption
- Physical Security
- Operations Security
- Business Continuity Security
- People Security
- Cloud and Infrastructure Security
- Security compliance
- Third-Party Security
- Vulnerability Management
- Security Monitoring and Incident Response
Learn more by navigating through the following sections: