Security Certifications

At Cedar Contact, security and privacy are a key focus.

We have implemented a wide array of controls and safeguards in our code and processes to protect customer data and support enterprises in their own compliance efforts. Our infrastructure is hosted and managed within secure cloud providers accredited for ISO 27001, SOC 2 and PCI Level 1. Our security teams work tirelessly to ensure that best practices are followed to keep your data safe.

Below, you can read more about our current certifications and attestations and how they can assist your enterprise in compliance activities.

HIPAA

Status: Third-Party Audit in Process

Covered Topics: Protections for Health Data

HIPAA provides data privacy and security provisions for safeguarding medical information. Enterprises using Cedar Contact can be assured that the administrative and technical requirements for software providers have been followed. These include but are not limited to secure data flows, audit trails and end-to-end encryption. While there is no definitive “HIPAA certification” status, industry best practices encourage third-party audits reviewing both technical and administrative compliance measures.

Cloud Security Alliance

Status: Member

Covered Topics: Data Security

Our technology partner, Thrio, is a member of the Cloud Security Alliance. Membership in the CSA is voluntary. The organization encourages best practices in security within cloud computing.

PCI

Status: Third-Party Audit in Process

Covered Topics: Payment Card & Information Security

Cedar Contact’s PCI certification may enable an enterprise’s own data protection activities related to payment processing. While many elements of PCI compliance will still rest on an enterprise’s own practices, Cedar’s data storage, firewalls, in-transit encryption, and other information security efforts will assist in achieving and maintaining PCI compliance.

SOC 2 Type 2

Status: Third-Party Audit in Process

Covered Topics: Security, Availability, Processing Integrity, Confidentiality and Privacy

SOC 2 certification is an auditing procedure that ensures service providers like Cedar Contact manage customer data in accordance with the principles of security, availability, processing integrity, confidentiality, and privacy. SOC 2 Type 2 reports detail the operational effectiveness of a SaaS provider’s systems as they relate to those principles. SOC 2 certifications are issued by third-party auditors.

HITRUST CSF

Status: Third-Party Audit in Process

Covered Topics: Health Data | HIPAA Security Rule

Cedar Contact’s certification in the HITRUST Common Security Framework supports enterprises in their compliance efforts related to health care data. The HITRUST CSF is the set of standards required for HIPAA compliance.

GDPR

Status: Third-Party Audit in Process

Covered Topics: Privacy & Data Security

GDPR compliance assists Cedar Contact customers in their efforts to do business in the European Union. This data protection, privacy, and data security standard is also relevant for enterprises whose data flows through the EU, as GDPR covers the export of data out of the European Union.