The nVoq platform undergoes regular rigorous independent audits in accordance with the AICPA’s SOC2 Type 2 standard to confirm compliance and safeguarding of client data.
To ensure that the necessary security protocols are in place and function properly, nVoq undergoes a SOC2 Type 2 assessment annually, based on these four Trust Service Principles…
nVoq’s HIPAA compliance is included under its SOC2 Type 2 program so that it undergoes an independent third-party audit every year, even though having an external audit is not required by HHS.
nVoq goes above and beyond to ensure the safety, security, and privacy of your data.
nVoq utilizes advanced monitoring technologies on all levels of our applications and infrastructure. This includes a status page published to the internet for customer access regarding system status and even notification. This information is also available via text or email subscription 24/7 to ensure real-time alerting and response of any issues.
nVoq relies on a multi-tiered, redundant backup strategy to help ensure recovery of archived data. Backup procedures include daily snapshots of all critical client data to multiple media types and geographically diverse locations. We test backups regularly to ensure recovery reliability. We encrypt and securely transport offsite data backups to alternate locations.
Your confidence in our ability to manage and protect YOUR sensitive patient data is important to us. We protect our client data with powerful underlying technology tools including:
- Data Encryption for data in Motion and at Rest
- Strong Encryption Technologies
- MFA employed strategically on our platform
- Intrusion Prevention System (IPS)
- Intrusion Detection System (IDS)
- Web Application Firewalls (WAF)
- Network Firewalls
- Security Information Event Management (SIEM)
- Virus and Malware Detection & Removal
- Penetration Testing
- Vulnerability Scanning
- Dynamic Application Security Testing (DAST)
- Static Application Security Testing (SAST)
Clients access our platform environment via encrypted TLS sessions. We encrypt sensitive customer data both during transmission and at rest using the same industry standard protocols used by modern financial institutions.
nVoq believes that protecting your critical data is worth the extra effort and so we have designed security into our platform. As just a few examples, you can require your company administrators to utilize multi-factor authentication for system log-ins, all relevant account administration activities are logged and retained, data persistence is configurable by your company administrators, strong passwords are required for all administrators. We have a program to proactively apply important patches and to rapidly patch publicly disclosed vulnerabilities. All nVoq client software access requires a unique username and password.
For more information on our compliance efforts or for answers to your security questions, please reach out to us: