PlanAllies™ Security Information
Last Modified: July 26, 2023
PlanAllies is committed to meeting and exceeding HIPAA data privacy and security requirements. Our Information Security Management Program (ISMP) is a comprehensive set of policies, procedures and technical controls that drives secure practices into all aspects of our business, including recruiting, vetting, training, operating, and auditing our secure platform. We leverage industry best practices for addressing HIPAA requirements, and we work with third-party auditors to regularly obtain SOC 2 Type II reports validating our security posture.
PlanAllies encrypts data that is at rest and in transit for all of our partners. We use tools such as Amazon Web Service’s Key Management System (KMS) to manage encryption keys using hardware security modules for maximum security in line with industry best practices.
PlanAllies utilizes some of the industry’s best application security experts for third-party penetration tests. By performing penetration tests, we are able to evaluate the source code, running application, and the deployed environment. PlanAllies uses high-quality static analysis tooling provided by GitHub Advanced Security to secure our product at every step of the development process.
PlanAllies uses Amazon Web Services to host our applications.
PlanAllies utilizes Vanta as a monitoring tool for security of data, people, devices and vulnerabilities.