Security Program Highlights
Data Security
SRX encrypts data at rest and in transit for all of our customers. We use tools like Azure Key Vault to manage encryption keys for maximum security in line with industry best practices.
Application Security
SRX regularly engages some of the industry’s best application security experts for third-party penetration tests. Our penetration testers evaluate the source code, running application, and the deployed environment.
SRX also uses high-quality static analysis tooling such as SonarQube, Snyk, Mend, OWASP ZAP to secure our product at every step of the development process.
Infrastructure Security
SRX uses Microsoft Azure to host our application. We make full use of the security products embedded within the Microsoft Azure ecosystem, including but not limited to Security Center, DDOS protection, Front Door.
In addition, we deploy our application using containers run on Microsoft Azure managed services, meaning we typically do not manage any virtual machines instances in production.
HIPAA Compliance
SRX is a certified HIPAA-compliant company. All exchanges and data are securely protected and stored in accordance with HIPAA regulations. We use Vanta to integrate with our application and platforms to demonstrate our compliance.
SOC 2 Compliance
SRX is now SOC 2 Type II Certified through AICPA. At every stage, your facilities' and your patients' data is secure with us.
