Here are some key elements about security at Scope.claims:
- Customer-uploaded data is hosted through Amazon Web Services in N. Virgina.
- The AWS infrastructure puts strong safeguards in place to help protect customer privacy. All data is stored in highly secure AWS data centers.
- AWS manages dozens of compliance programs in its infrastructure. This means that segments of compliance have already been completed.
- We use top-notch data center providers to host our systems. They all have SOC2 Type 2 reports and provide all the physical security protection measures you would expect.
- We understand that software security is very important. We continuously scan our applications for vulnerabilities, using a combination of static source code analysis and dynamic testing. Encrypt all email data in transit using TLS. Have an independent penetration test conducted on an annual basis.
- HTTPS Encryption on all data between the Scope.claims service and the client web browser. Login without encryption is non-optional. Scope.claims servers are fire-walled and only those services which are required to be running are listening. Connections between servers are made using encrypted secure tunnels
- Scope.claims employees do not access customer uploaded data in Scope.claims without prior customer consent.
- No super-user account exists in the organization. All accounts are private to each individual user
- All data is backed up nightly and copied to another off-site location