Customer Data Security at Enterprise Scale
From people to technology, ActionIQ has been built from the ground up with security and privacy in mind. Our team, business practices and security infrastructure are best in class.
Compliance and Certifications
HIPAA Type 1 Certified Vendor
Enforced by the U.S. Department of Health and Human Services, HIPAA establishes national standards for maintaining the security and privacy of electronic health information, setting rules for privacy, security and breach notification in order to maintain the integrity of protected health information.
By meeting HIPAA compliance guidelines, ActionIQ is ready to implement safeguards to ensure the confidentiality and integrity of sensitive healthcare data. Our customers can confidently manage health information knowing they’re partnering with a HIPAA Type 1-certified vendor.
Enterprise Admin Tooling
ActionIQ’s administrative tools are designed to support your organization’s data, user and security management policies.
Role and team-based permissioning and authorization framework
Single sign-on (SSO), two-factor authentication (2FA), password mandates and reCAPTCHA
Self-service administration interface to support your distinct processes
Logging and Tracking
Auditable logs of user activity as well as data ingest & export events
Configured with dedicated development and production accounts
Permanent removal of deleted data
Security and Privacy Best Practices
ActionIQ employs a combination of infrastructure, technology, product design, processes, and internal & external personnel to implement a broad range of industry best practices for data security.
Data is encrypted in transit using Advanced Encryption Standard (AES-256) and at rest
Employs dedicated instance data processing and utilizes client-specific identity and access management (IAM) definitions
Secure, Minimal Network Surface
White-listed IPs; private subnet behind network proxy, firewalls and an IDS/IPS solution with 24/7/365 monitoring and alerting
Compliant with SOC 2® Type 2, EU Privacy Shield and CCPA, with inherited certifications from AWS
Conduct periodic risk assessments, infosec audits, mandatory training, business continuity (BCP) and disaster recovery (DR) planning
External experts conduct periodic penetration tests and code analysis in addition to annual SOC 2 Type 2 examinations — one of the industry’s most rigorous trust standards