We are committed to the highest standards of security and protection for our member and client data. We meet these standards through our layered security approach, which includes Security Awareness, Vendor Risk Management, Vulnerability Management, Penetration Testing, Risk Management, Policy Management, Access Control, Web Application Security, Physical Security, Endpoint Security, Business Continuity, Disaster Recovery, and Incident Management.
Elements of Security
A strong policy structure, evidenced by our Information Security Plan, which is reviewed and updated at least annually
Facility-specific emergency procedures, incident response plans, system development lifecycles, standard operating procedures, an employee handbook and code of conduct policies
Policy training for new hires, annual security training for all employees, and ongoing customized security awareness training tailored to specific jobs and roles
A Secure Software Development Lifecycle process that benefits our portals and applications, which are secured through end-to-end encryption, including encryption at rest and encryption in transit
Proven security processes to manage data loss prevention, firewall, intrusion prevention and endpoint protection
A SIEM application that enables in-depth threat analysis and response
Sarrell Dental & Eye also performs security risk and readiness assessments as part of its standard business process that encompasses standards including SANS20 Critical Controls, 23 NYCRR 500, Massachusetts 201 CMR 17.00, COSO, Commonwealth of Virginia Standard SEC501, HIPAA Security and Privacy Rules, HITECH, and HITRUST, among other frameworks.