Security at CareValidate

Security Information

Last Updated: December 14, 2022

Data Security

CareValidate encrypts data at rest and in transit for all of our customers. We use Google Cloud Platform's Cloud Key Management tool to manage encryption keys using hardware security modules for maximum security in line with industry best practices.

Application Security

CareValidate regularly engages some of the industry’s best application security experts for third-party penetration tests. Our penetration testers evaluate the source code, running application, and the deployed environment.

CareValidate also uses high-quality static analysis tooling provided by Snyk and GitHub Dependabot to secure our product at every step of the development process. We fix all vulnerabilities as soon as they are detected.

Infrastructure Security

CareValidate uses Google Cloud Platform and Heroku to host our web applications, backend servers, and databases. We make full use of the security products embedded within the GCP system.

SOC 2 Compliance

CareValidate is SOC 2 Type 1 compliant, and is currently in the process of acquiring SOC 2 Type 2 compliance.

SOC2 Compliant

Ready to start?
Contact us.

We'll help you decide on the right care solution.