Security

CT Suite's Cloud and self managed Server platforms are built with security in mind and include features engineered to keep customer information safe. 

We take security and safety seriously protecting the confidentiality, integrity, and
availability of customer’s data. We recognize security as crucial aspect of our system. With CT Suite the latest technologies and security best practices are used to provide a secure service. To do this, we’ve created a sophisticated infrastructure onto which account administrators can layer and customize policies of their own.

Encryption

CT Suite hosts its services using Amazon EC2  instances with EBS Volumes attached. Encryption operations occur on the servers that host EC2 instances, ensuring the security of data-at-rest. EBS encrypts volumes with a data key using the industry-standard AES-256 algorithm.

HIPAA

Health Insurance Portability and Accountability Act. CT Suite Cloud Service subscription tiers on Amazon Web Services allow for HIPAA business associate agreements (BAAs).

Responsible vulnerability management

CT Suite recognizes that software development inherently includes the possibility of introducing vulnerabilities. We accept and disclose vulnerabilities discovered in our software in a transparent manner.


We carefully review our third-party suppliers

CT Suite maintains an internal Supplier Assessment Standard, which mandates that CT Suite's InfoSec team regularly performs security reviews for all third-party suppliers with whom there is potential to share confidential or restricted CT Suite information (e.g., personal data).


Access controls and logging

Access controls are established to authenticate the identity of individuals accessing systems that process our customer's CT Suite data. These controls are designed to ensure that unauthorized persons do not gain access to such systems, and that authorized individuals gain access only to what is appropriate for their role. Such controls include multi-factor authentication, password strength standards, and Virtual Private Networks (VPN) for administrative access. In addition, we've implemented centralized logging, including proxy logs and access logs.


Data availability

We've engineered a cloud-based platform that provides high levels of availability for your data. We use technical and organizational measures, including backup of data, multiple availability zones, and disaster recovery planning, to ensure that customer cluster data is protected against accidental destruction or physical or logical loss. 


CT Suite Cloud runs on HIPAA Secure platforms

HIPAA (or the Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information. The HIPAA rules apply to “covered entities” that handle data that is protected health information (PHI), such as insurance companies or doctor’s offices, and extend to business associates like CT Suite who process PHI on behalf of such covered entities. All CT Suite Cloud Service subscription tiers on Amazon Web Services allow for HIPAA business associate agreements (BAAs).