Trust in Continuous Monitoring and Vulnerability Management

ProofPilot’s continuous monitoring program builds on our ethical trust framework and our secure-by-design development and operational procedures. These processes are in place not only to identify and mitigate deviations from procedure and security threats; they are also part of our continuous process improvement model to improve accessibility and usability for our customers’ participants.

Continuous Monitoring Program

From a proactive perspective, ProofPilot regularly monitors industry security and privacy problems and discusses them as a team, using a case-management-based approach, to ensure we don’t have the same problems. Reactively, we log all activity on the platform and use a combination of manual and automated detection tools to maintain ongoing awareness of our own vulnerabilities, incidents, and threats. For any issues, ProofPilot is prepared to respond accordingly.

Incident Response Program

ProofPilot maintains an incident response program in accordance with HIPAA. Beyond regulatory requirements, the entire ProofPilot team regularly reviews potential threats and vulnerabilities and creates mitigation actions for both actual and potential events.

Security Log Retention

ProofPilot retains security logs for at least 180 days, and in some cases indefinitely. Access to these security logs is limited to the Director of Web technology, and their contents are communicated to others only on an as-needed basis.