Security Controls

Learn about the comprehensive security controls available in the CDP to protect your organization's data and ensure compliance.

Our platform provides comprehensive security controls designed to protect your organization's data and ensure compliance with industry standards and regulations. These controls are built into every aspect of the platform, from user authentication to data access and audit logging.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication adds an extra layer of security to your organization's accounts by requiring users to provide additional verification beyond their password. You can configure the MFA settings required for your organization.

Inactivity Timeout

Automatically sign users out after a period of inactivity to prevent unauthorized access to sensitive data and systems. You can configure a custom timeout to meet your security policies.

HIPAA-Compliant Audit Logging

Every action taken against our Admin API is tracked with robust audit logging that meets HIPAA compliance standards.

  • Comprehensive Tracking: Log all user actions, system changes, and data access
  • HIPAA Compliance: Meet healthcare industry audit requirements
  • Detailed Records: Capture timestamp, user, action, and affected resources
  • Long-term Storage: Maintain audit logs for required compliance periods

Configure Least Privilege

Our platform provides fine-grained access controls that let you implement the principle of least privilege. Use roles and policies to configure granular permissions, so that each user has access only to the specific resources and actions they need to perform their job functions.

  • Granular Permissions: Control access at the individual resource, action, and data level
  • Role-Based Access Control (RBAC): Create custom roles with specific permission sets
  • Resource-Level Security: Restrict access to specific destinations, sources, or data streams
  • Action-Specific Controls: Limit users to specific operations (read, write, delete, etc.)
  • Data-Level Restrictions: Control access to sensitive data fields and properties

Data Protection and Privacy

Our platform includes multiple layers of data protection to ensure your information remains secure.

  • In-Transit Encryption: All data is encrypted using TLS 1.3 during transmission
  • At-Rest Encryption: Data is encrypted when stored in our systems
  • Key Management: Secure key management practices for encryption keys
  • End-to-End Protection: Comprehensive encryption from data collection to storage

General Security Standards

  • SOC 2 Type II: The platform meets the SOC 2 security standard
  • HIPAA Compliance: Built-in controls for healthcare data protection
  • Industry Best Practices: Implementation of security industry standards
  • Strong Password Requirements: Enforced strong password policies
  • Security Best Practices: Follows industry-standard security practices including regular security updates, vulnerability assessments, and secure development lifecycle