Your data’s security is of the utmost importance to us. We employ best practices and best-of-breed standards to guarantee that your sensitive data remains protected and only accessible by authorized persons for authorized uses.
At Truve, we believe that data security is a fundamental aspect of our legal technology platform. To ensure the confidentiality, integrity, and availability of customer data, we have implemented various security measures, including:
We use industry-standard encryption algorithms to protect customer data both in transit and at rest. We also implement key management and rotation policies to ensure that encryption keys remain secure.
Truve is built entirely on the Amazon Web Services (AWS) platform, which provides security and stability through the largest cloud environment. AWS is trusted by 1.4 million companies around the world, including some of the biggest names in digital services. Our AWS servers are hosted in the US, and we leverage AWS’s extensive security features to protect customer data.
Truve is committed to protecting the privacy and security of Personal Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA). We have implemented technical, administrative, and physical safeguards to protect PHI, along with the ability to audit data to demonstrate privacy and compliance.
Truve employs RBAC, ensuring only authorized individuals have access to customer data, and only for a very-defined time period. We define roles and permissions based on job responsibilities and implement policies to ensure that access is granted on a need-to-know basis. These measures are controllable by end users, and they are employed by our own operations on the back-end for the protection of our customers.
Truve is currently undergoing a SOC 2 Type II audit, which measures the effectiveness of our internal controls in five Trust Services Categories: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
Truve is on the path towards implementing ISO/IEC 27001, a widely recognized standard that provides requirements for a robust information security management system (ISMS).
The Truve operations team has established an Information Security Committee, with cross-functional executive representation that meets regularly. The Committee provides governance, risk, and compliance (GRC) oversight as part of our enterprise risk management program.
Truve is continuously working to improve our security posture. We conduct regular risk assessments, audits, privacy impact analysis, penetration testing, vulnerability scans, and other security best practices to identify and mitigate security risks.
In summary, Truve takes a comprehensive approach to data security and employs various measures to ensure that customer data is protected. We believe that this approach is fundamental to our mission of delivering a best-in-class legal technology platform.
Start the conversation to learn more about Truve's revolutionary technology.Request a demo