At WaiverFile, we take the protection of the data you collect seriously. Our policies and procedures make sure that your information and your customers' information are properly secured and protected against data breaches. The information below outlines some of the details of our security and privacy policies and procedures so you can be assured that the data you collect with us is safe, secure, and managed properly.
How does WaiverFile secure my organization’s data?
WaiverFile practices Security-First principles. The WaiverFile solution incorporates cybersecurity controls in the following areas:
- Encryption in Transit
- Encryption at Rest
- Cell-level Encryption
- Data Masking
- Vulnerability Scanning
- Penetration Testing
- Monitoring and Alerting
- Risk Management
- Governance
WaiverFile Cybersecurity policies and procedures are regularly evaluated and adjusted to align with industry best practices.
What specific cybersecurity techniques does WaiverFile implement?
Cybersecurity techniques are not static. We reserve the right to implement tighter controls and techniques to meet the challenges of securing our customers’ data.
At present, some of our cybersecurity techniques include:
- Database encryption: security at rest and cell-level encryption
- Encryption in Transit between all endpoints
- Firewalls
- Strong security protocols: TLS 1.2 and TLS 1.3
- Strong cipher suites:
  - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- Alerting and Monitoring
- Regular Vulnerability Scanning and Penetration Testing
Are Electronic Signatures Legal?
Generally speaking, electronic signatures are widely accepted in most countries around the world. To learn more about the specifics in your area, we have prepared a series of articles outlining the details of legislation in a number of locations. See the list: The Legality of E-Signatures.
What Cybersecurity Framework does WaiverFile implement?
WaiverFile develops and implements methodologies based on the cybersecurity special publications and guidance delivered by NIST, the National Institute of Standards and Technology. NIST guidance is important to our customers in that it aligns to regulations of the United States Federal and State governments, as well as European Global Data Privacy Regulation and other privacy regulations, either at a federal or state level.
The NIST Cybersecurity Framework is the result of collaboration between private sector industry professionals and government agencies. It was born out of Executive Order 13636, which focused on improving critical infrastructure cybersecurity. Healthcare is one of the 16 critical infrastructure sectors.
The preliminary voluntary framework came out in 2013, with version 1.0 released the following year, defining its core and implementation tiers and establishing controls, security functions, categories, subcategories, and more.
The framework integrates industry best practices and standards into a common language to help organizations understand and communicate risks internally and externally throughout a supply chain.
How does the implementation of a NIST Framework ensure proper cybersecurity oversight?
With the Cybersecurity Enhancement Act of 2014, Congress ratified the preliminary cybersecurity standards into NIST responsibilities. The framework is designed to help organizations:
- Identify risks, vulnerabilities, and their potential impact
- Inform response
- Recover from incidents
- Evaluate root causes for weaknesses and vulnerabilities
- Take steps to improve controls to reduce risks
The NIST Cybersecurity Framework incorporates five core functions:
- Identify
- Protect
- Detect
- Respond
- Recover
This framework, however, has not remained static and is evolving along with today’s modern threat landscape. In 2018, amendments included self-assessments, supply chain risk management, identity and access management, and a vulnerability disclosure lifecycle.
More changes to NIST Cybersecurity guidance are anticipated, including:
- Cyberattack lifecycle
- Artificial intelligence (AI)
- Machine learning
- Governance
- Enterprise risk management
Is WaiverFile HIPAA-Compliant?
Yes. Learn more about our HIPAA Compliance here.
Is WaiverFile GDPR compliant?
Yes. Learn more about our GDPR Compliance here.
I need a copy of WaiverFile’s Cybersecurity Policy documentation to satisfy an internal assessment
Please reach out to privacy@waiverfile.com to initiate the process.