Our Commitment: Protecting Your Data
Protecting your healthcare data with high security standards
Data plays a critical role in healthcare for measuring performance and is essential for continuous improvement. This is why it is important that it is kept in a safe place. At Petal, cybersecurity is of the utmost importance.
The data used via Petal’s solutions remains the customer’s property. They are replicated and hosted in a location that meets your requirements.
- Encryption in transit using TLS 1.2 or higher
- SSAE-16-certified hosting
- Encryption at rest with minimum AES-256 encryption settings with TLS 1.2 connections (SHA-256 with RSA encryption)
We have several procedures in place that meet high standards and even exceed legal requirements in each jurisdiction in which we operate.
Our customers can have full control and determine the type of permission and role assigned to users.
In order to protect personal health information, the Petal platform does not permit backup to local or personal device.
We follow the healthcare industry’s best practices to meet security needs.
In order to provide foolproof security, maximum privacy and the best protection against cybersecurity threats, the Petal platform is hosted on reputable Microsoft Azure cloud servers.
Microsoft Azure complies with the highest security standards as well as several international standards and certifications such as ISO/IEC 27001: 2013, ISO 27018, HDS, FedRAMP, SOC 1, 2 and 3, PCI DSS, and HIPAA.
To counter potential vulnerabilities, we deploy the full force of our perfectionism. We maintain state-of-the-art security policies and controls. This covers internal processes such as IT management of applications, authentication and access to infrastructure.
External processes are also controlled, in particular the management of suppliers and subcontractors.
We have established a comprehensive incident management reporting process in the event of an outage or breach of privacy.
We perform rigorous external security audits on all our applications and infrastructure.
Petal undergoes third party audits to perform network scans in addition to self-assessments and rigorous testing.
We have an intrusion detection system installed on all our virtual machines in order to proactively detect the slightest vulnerability.