Thoughtly Trust Center
Thoughtly is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.
Compliance
Resources
SOC 2 Type II Report
HIPAA Internal Privacy Policy
Chief Information Security Officer (CISO) Policy
Data Classification Policy
Information Technology Leadership Committee Charter
Controls
Password rules enforced
Secure, unique authentication required for infrastructure access
Quarterly user access reviews performed
Firewall access restricted
Source code access restricted and changes logged
Data encrypted at rest
Encryption in transit over public networks
Secure disposal of electronic media containing sensitive data (PII, ePHI, etc.)
Customer data deleted after termination
Data Retention and Secure Deletion Policies
Secure connection means utilized
External Attack Surface Vulnerability Scanning & Remediation
Web application firewall configuration
Source code changes tested and approved
Outsourced development security requirements managed
Anti-malware monitoring
Intrusion detection tool
Automated system capacity and performance monitoring
Infrastructure firewall
Centralized Log Collection and Monitoring
Business continuity plans ensure emergency functionality
Business continuity & disaster recovery plans documented and tested
Security incident logging and review
HIPAA Incident Response Policy and Procedures
Incident response procedures documented
Visitor sign-in, badging, and escort policy
Documented HIPAA Security Rule policy acknowledgment
Downstream compliance requirements with contractors enforced
Technology assets inventoried
Documented Vendor Management Program
Annual risk assessments performed
Confidentiality Agreement acknowledged by employees
Background checks performed on employees
Background checks performed on contractors
Security awareness training implemented
Whistleblower mechanism maintained
Multi-availability zones
Documentation available to internal and external users
Customer support channels available
Information security policies and procedures
Patch management process developed
Removable Media Use Restricted and Encrypted
Mobile Device Management (MDM) and BYOT
Production system hardening and baseline configuration management