DataCare’s commitments to security, availability, confidentiality, and processing integrity
We take the security of your data very seriously at DataCare. We aim to be as clear and open as we can about the way we handle security.
If you have additional questions regarding security, we are happy to answer them. Please contact your Account Manager and we will respond as quickly as we can.
Click DataCare Security Overview for complete details.
We’re committed to making DataCare a highly available service that you can count on. Our infrastructure runs on systems that are fault tolerant against failures of individual servers or even entire data centers. Our operations team tests disaster-recovery measures regularly and staffs an around-the-clock on-call team to quickly resolve unexpected incidents.
We operate two data centers to provide data backup and redundancy in case of a disaster. The primary data center is in Santa Clara, California, and the backup is in Las Vegas, Nevada. The Las Vegas site is configured as a warm backup. In the event of a disaster we can quickly transition traffic from the primary to the backup site. The disaster recovery plan is tested once a year to confirm that our processes and tools work as expected.
DataCare maintains an extensive, centralized logging environment in its production environment which contains information pertaining to security, monitoring, availability, access, and other metrics about the DataCare services. These logs are analyzed for security events via automated monitoring software, overseen by the security team.
We place strict controls over our employees’ access to the data you and your users make available in DataCare applications, and we are committed to ensuring that customer data is not seen by anyone who should not have access to it. The operation of DataCare requires that some employees have access to the systems which store and process customer data. For example, in order to diagnose a problem you are having, we may need to access your customer data. We have technical controls and audit policies in place to ensure that any access to customer data is authorized.
All of our employees and contract personnel are bound to our policies regarding customer data and we treat these issues as matters of the highest importance within our company.
We do not release confidential information to third parties without the written authorization of the client administrator.
DataCare conducts background checks on all employees before employment, and employees receive privacy and security training during onboarding as well as on an ongoing basis. All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of the DataCare services.
Additional Security Features for Client and DataCare Users
We log every time a user account signs in, noting the date and time of the connection. Access to these logs may be made available upon request from your Account Manager.
Single Sign On
Clients can integrate their DataCare environments with single sign-on (SSO) authentication, set up via Simple SAML. Instructions for doing this are available upon request from your Account Manager.
Within Ahshay there are several input validation fields and dropdown menus to ensure users are selecting from predefined lists or existing data records, which are kept in sync with clients daily or in real time, and to prevent duplications.
Any time users are updating data or viewing documents, these actions are logged in the system. Access to these logs may be made available upon request.
By default, DataCare retains customer data for the life of the subscription, unless a request to destroy data is made by contacting your Account Manager.
Deletion of Customer Data
Upon termination of subscription, DataCare initiates the data destruction process by contacting the client and either providing access for the client to retrieve the data themselves, or providing the data on external media, within one week. Within 90 days of termination, DataCare permanently destroys all information from production, backup, development, and test environments. A Certificate of Destruction may be provided upon request.
When data storage devices reach their end of life, they are destroyed or sanitized by a NIST SP 800-88 compliant process.