A Commitment to Comprehensive Security and Data Privacy Practices

Providing our customers with the highest level of confidence

Unyielding Commitment to Protecting Information Assets and QMS Information Security

AssurX is committed to protecting its information assets to satisfy the company’s business objectives, meet the information security and compliance requirements of our customers, and protect rights to privacy.

AssurX implements programs that are auditable, repeatable, and comprehensive. Our processes are continual and iterative to ensure that our data and our customers’ data are always protected at or beyond industry standards.

AssurX asset protection and QMS information security objectives include:

  • Defining responsibilities and business processes for information security
  • Building a corporate culture of security and diligence
  • Reducing security incidents through controls specific to unique risks and assets
  • Meeting additional security compliance requirements as required

AssurX is ISO 27001 certified, demonstrating that it operates an Information Security Management System (ISMS) that conforms to the requirements of ISO/IEC 27001:2013. The ISMS conforms to applicable standards for the implementation of information security, availability, and operational controls to protect our customers’ data and the supporting cloud infrastructure.

AssurX QMS information security is certified with the following ISMS scope and boundaries:

The Information Security Management System (ISMS) applies to the implementation of information security, availability, and operational controls that secure the design and development of the AssurX Enterprise Quality Management & Regulatory Compliance Software and Cloud Platforms, Professional Services, and Technical Support Services, including stored customer data and the supporting cloud infrastructure, in accordance with the ISMS Statement of Applicability.

AssurX is officially SOC 2 compliant in accordance with SSAE Attestation Standards. SOC, which stands for System and Organizational Controls, is a framework developed by the American Institute of Certified Public Accountants (AICPA) for the purpose of providing regular, independent attestation of the controls that a company has implemented to mitigate information-related risk.

The General Data Protection Regulation (GDPR) regulates the collection and processing of the personal data of EU residents. It applies to companies that operate in the EU, and to companies outside of the EU if they have any EU customers or personal data of anyone in the EU. AssurX’s marketing data strategy is aligned with GDPR and the ePrivacy Directive. For more information, view our Privacy Policy and Cookie Policy.

AssurX uses 256-bit data/file encryption for data in transit and data at rest to provide you with the highest peace of mind and the highest security standard. It is the most secure encryption method used in modern encryption algorithms, protocols and technologies. The 256-bit encryption key is used by the US government and other entities that need to protect highly classified information.

AssurX complies with HIPAA regulations and offers a Business Associate Addendum (BAA) for Covered Entities doing business with us.

AssurX has instituted company-wide policies and procedures to assure this, including employee training, frequent policy and procedure reviews, signed confidentiality agreements and stringent information security procedures.

COMPLIANCE SYSTEM CONTROLS

AssurX provides administrative, technical and physical safeguards and controls to meet compliance requirements and standards as applicable to AssurX for:

For additional information on AssurX security and data protection, please contact infosec@assurx.com.