Security and privacy

At Rimsys, security and data privacy are first-order considerations. We’ve built industry-leading security into every aspect of our business, and are trusted by some of the world’s largest medtech companies.

Investing in your security

We follow international standards and industry best practices to protect the security of our customers’ data.

AICPA SOC
ISO 27001
FDA Compliance
GDPR
GxP

Security features

Product security

  • SSO via SAML or OAuth: Sign in through your preferred identity provider (Okta, Azure Active Directory, etc.), with support for 2FA.
  • Role-based access controls: Grant and restrict capabilities based on specific roles and authorities with granular access controls.
  • Audit logging: All requests against your account are automatically listed and stored.
  • Session control: Every request on the application is validated by a unique bearer token that is generated upon login.

Infrastructure security

  • Data encryption: 100% of data is encrypted in transit and at rest. Client communications are forced through HTTPS (TLS).
  • Password protection: All customer passwords are stored in encrypted formats.
  • Data segregation: Each customer's data is logically segregated from other customers' data and stored in separate AWS S3 buckets.
  • Backup and recovery: All data is regularly backed up, and database instances are replicated for automatic failover.

Risk & compliance

  • Privacy: Our privacy program operates in accordance with GDPR and CCPA regulations for all users. Read our privacy policy to learn more.
  • Third-party audits: We undergo a SOC 2 Type 2 audit annually and an ISO 27001 audit every three years by third-party assessors.
  • Penetration tests: We engage a third party to conduct application- and infrastructure-level penetration tests on an annual basis.
  • Vendor audit and approval: We perform a thorough compliance review and approval process before licensing or using any third-party tools.

Company security

  • Endpoint management: We deploy endpoint protection and device management software on all devices.
  • Role-based access controls: Grant and restrict capabilities based on specific roles and authorities with granular access controls.
  • Employee permissions: Employees receive minimum permissions by default, and are only granted additional access on an as-needed basis. Regular access reviews are performed to enforce the policy of least privilege.
  • Office security: Our offices require badge-access at all times to gain entry.