Security Policies
Bagel Health, Inc.
Bagel is committed to keeping customer and patient data private and secure. We keep your data safe so that you can focus on providing care. We take every precaution to ensure the safety and integrity of your data.
- Data Center Security: Bagel Health runs in highly secure data centers. Our hosting providers are regularly audited against comprehensive frameworks including SSAE 16 and ISO 27001. All Bagel Health services run within private, secure network layers, addressable only through whitelisted gateways.
- Data Encryption: All data is encrypted whenever possible. All traffic is encrypted in transit with SSL/TLS. All data is encrypted at rest with full key/data segregation. We also continually review our code for OWASP, CVE, and NVD-reported vulnerabilities.
- Data Access & Activity Audit: All data access is restricted to approved employees based on job function. All access is logged and stored for auditing and anomaly detection. All changes to customer data are tracked via audit logs.
- Web Application Security: Bagel Health applications are built with industry best-practice safeguards such as input data validation, CSRF protection, and password encryption.
- Business Continuity: The Bagel Health platform is designed to be resilient. We continuously implement and test contingency and disaster recovery plans as part of our operations cycle. Encrypted backups are performed every 24 hours. Bagel Health uses only hardened, best-in-class configurations for all of our services.
- Implementation: Bagel Health’s security program is defined by a formal set of policies and procedures, which are reviewed regularly by our Chief Technology Officer and executive team.
Updated 6 December, 2018