Flock has completed the HITRUST CSF certification, a prescriptive security control framework designed for the healthcare industry.
This certification ensures that Flock's application platform maintains extensive security controls to not only keep all user data secure but also maintain HIPAA and HITECH compliance. The audit report can be provided upon request.
Secure Data in Transit
All communications with Flock are transmitted over SSL (HTTPS), for access to both the public website and our API.
To ensure your data is transported in the safest and most secure way possible, our servers require TLS 1.2, which uses strong SHA-2 and 256-bit encryption.
Secure Data at Rest
All data stored in our datastores and document repositories is encrypted using AES-GCM algorithms with 256-bit secret keys. These encryption keys are stored securely in a separate physical and logical location from the actual data.
External access is restricted via whitelisted internal IPs and access ports.
Continuous Security Reviews
Our infrastructure undergoes regular penetration tests and security and vulnerability scans, along with compliance and security assessments performed by independent 3rd parties.
Flock’s infrastructure is SSAE16 SOC-1/SOC-2/SOC-3 Type II certified and hosted at premier data center facilities meeting stringent physical access controls.
Key individuals are granted access only after receiving senior management approval and completing HIPAA and internal security training.
End-to-end access controls are reviewed every 60-90 days.
Data Availability and Recovery
All data is encrypted and backed up daily to a secure location in the U.S.
Annual recovery drills and process reviews are performed to ensure the systems and processes are working as expected.
Data replicas are maintained in a separate secure location to ensure availability. Infrastructure is in place to maintain 99.9% uptime.
Continuous Network Monitoring
State-of-the-art monitoring technology is deployed to track suspicious and anomalous behavior.
Built-in audit trails record all administrator and user activity across all layers of the infrastructure.
World-class SIEM, HIDS and firewall technology is deployed to ensure our security team can easily detect and mitigate any privacy and security threats to our customers' data.
Strict Password Management
Sensitive data such as user passwords is protected through salted, iterated hashing.
All user data is securely locked down from any direct external access.
User passwords must be at least 8 characters long and should include at least one uppercase and one lowercase letter, one digit, and one special character.
Flock protects private information with an additional layer of security by requiring a time-bounded 8-digit authentication code.
Each device/browser needs to be re-authenticated every 90 days.
User accounts will be automatically locked after multiple failed login attempts.