We follow industry best practices and uphold the highest information security standard to protect the confidentiality, integrity, and availability of our customers’ data.

---

Proactive Risk Management

24×7 real time monitoring and incident response

Regular External and Internal Vulnerability and Penetration testing

Risk-based security program focusing on continuous monitoring and evolution to support ongoing change in business, such as IT consumerization

Information Protection

HIPAA compliance, Annual SOC 2 Type 2 attestation, and mandatory security awareness training

Layers of defense through Data Loss Prevention and Encryption of data in motion and at rest

Risk management framework, including third-party vendor risk assessment

Compliance and Security by Design

Security built into every part of IT management process

Infrastructure and code-level tests integrated into code deployment process and the configuration management update process

Controlled and standardized build and update process per regulatory guideline

Resilience and Recoverability

Detailed Business Continuity Plan and Disaster Recovery runbooks validated through quarterly exercise

24×7 monitoring of the performance of internet-facing applications

Implementation of the latest technology, including secure cloud hosting service and redundant data center configuration to improve MagnaCare service reliability