Security

Data Encryption  

End-to-end encryption of data throughout the application architecture, including both in transit and at rest (storage).

Role-based Access Controls  

Integrate with any IdP to achieve RBAC logic based on individual requirements. Authentication calls can be routed via SAML to on-premises or cloud-based federated servers, where rights can be looked up and dynamically assigned.

Single Sign-On Authentication  

CloudMine integrates with best-of-breed SSO solutions for both front-end and back-end authentication. Logic can easily be put together to achieve a seamless auth experience.

Secure API Key Management  

Requests are controlled by the API creation and management module. Access controls can be created and assigned all the way down to specific objects and nested objects. In addition, access control lists (ACLs) can be created and auto-assigned to users, allowing them to share data securely across multiple users or groups.

Constant Monitoring  

Use of constant monitoring to record all activities related to platform access and use. Threat detection and alerting to ensure swift communication and course of action.

Compliance

Compliance Reporting 

Audit reports make proving compliance much easier and less disruptive.

Logging 

All platform transactions are logged for audit reporting and verification on demand.

Certifications

HIPAA HITECH is the basic set of standards set and controlled by the U.S. Congress and the Department of Health and Human Services that define the information security requirements around electronic protected health information (ePHI). This includes any data about an individual’s health that is also identifiable to them as a person (e.g. their surgical history and their name together in one record).

CloudMine is certified as compliant with HIPAA’s rules and can further facilitate client compliance by enabling actions such as exposing audit logs via an API or managing encryption keys, all while ensuring each vendor in the “value chain” is HIPAA compliant as a part of the HITECH amendment. CloudMine signs “Business Associate Agreements” (BAA) with our clients.

The purpose of this framework is to help CloudMine manage the security of assets such as financial information, intellectual property, employee details, and information and data entrusted to us by third parties. An independent body has audited our compliance with this standard and issued our ISO 27001:2013 certificate, which requires annual audits to maintain. It is produced by an international regulatory body called the “International Standards Organization” (ISO) and has two parts: ISO 27001 and 27002. ISO 27001 applies the principles of continuous improvement and risk-based decision making to the day-to-day operations of the business. ISO 27002 defines the specific security controls required by a company. Together, the purpose of this framework is to assure customers that a company is not going to mar their name or accidentally leak their NDA-protected information.

The EU Model Contract Clauses are designed to facilitate transfers of personal data from the European Economic Area to the United States, while providing appropriate safeguards for the protection of this personal data. These clauses offer an alternative means of fulfilling adequacy requirements, and therefore are an alternative to the now-defunct US Safe Harbor program.

Title 21 CFR 11 is the regulation that defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records for the FDA.