Both role based and user based access controls are available for the Autonomize product suite

Autonomize's system is hosted in Azure is containers based.

All customer data is encrypted in-transit. Autonomize is committed to following encryption best practices per industry guidelines and continually reviews the rigor of current encryption standards.

All customer data is encrypted at-rest. Autonomize is committed to following encryption best practices per industry guidelines and continually reviews the rigor of current encryption standards.

Autoomize captures backups on a regular basis to ensure internal and customer data is protected from loss according to our Business Continuity and Disaster Recovery procedures.

Autonomizes terms of Service govern use of Autonomize associated software applications and websites.

We adhere to the highest regulatory standards and implement stringent measures to safeguard data privacy and security, fostering trust in our AI-driven healthcare solutions.

Cyber insurance is an integral part of security risk reduction at Autonomize. We maintain an insurance policy with cyber coverage in the event of a security incident that results in financial damages.

Personnel perform security and privacy awareness training on an annual basis. Topics covered include: Passwords, Mobile devices, Social Engineering, Physical security, Phishing and compliance with HIPAA.

In the event of a data breach involving customer data, notifications will be sent in accordance with the terms of the MSA.

Necessary, performance, and targeting cookies may be used to support our services.

We have a strong internal password policy that includes a requirement for MFA . Passwords are required to meet industry-leading complexity requirements and are stored in a company managed password manager.

Autonomize internal systems access is restricted by stringent access control measures monitored and updated according to industry best practices on a regular basis. Access to internal systems is adherent to the principles of least privilege and separation of duties, subject to regular review by administrators, documented with clear rationales for provisioning and changes, and revoked according to strict termination policies.

Autonomize's infrastructure is hosted by Azure.

At Autonomize, the production, staging, and development environments are maintained as distinct entities to safeguard operational integrity and data confidentiality. In these separate environments, customer data is strictly prohibited from use in non-production settings, thus ensuring that developmental and testing activities do not compromise data security.

We have a formal Business Continuity and Disaster Recovery plan, which is exercised, reviewed and approved annually. Autonomize also conducts regular testing of critical services, backup systems and operational infrastructure to ensure business continuity requirements are met. Our risk assessment program and business impact analysis are scoped across the organization, reflecting our commitment to preparedness across business areas.

All employee endpoints are centrally managed and secured using an MDM solution.

All employee endpoints are protected with an advanced EDR solution. Endpoint security signals are monitored regularly for anomalous activity.

To protect the confidentiality and integrity of information stored on all employee endpoints, Autonomize mandates full-disk encryption. Additionally, we continuously monitor endpoint security signals to promptly identify and investigate any anomalous activity.

Our network activity is logged with specialized detection logic in place to identify potential security threats such as unauthorized access or anomalous behavior. These systems are critical for the early detection of attacks, allowing us to identify attackers and other anomalous behavior and generate alerts for further investigation.

To safeguard our infrastructure, Autonomize utilizes a combination of traditional firewalls. These tools allow us to monitor and control the flow of network traffic, preventing unauthorized access and ensuring data integrity and security

Personnel perform security and privacy awareness training on an annual basis. Topics covered include: Passwords, Mobile devices, Social Engineering, Physical security, Phishing, GDPR and CCPA.