Security Policy

The security of your User Data is important to us. We have implemented physical, electronic, and managerial procedures to safeguard and secure User Data from unauthorized access.

Physical Procedures

OrbitalRX production hardware, systems software, application software and databases are hosted by Amazon Web Services (AWS) in secure facilities. AWS is responsible for facility access, security, disaster recovery and maintenance records for the systems and infrastructure underlying the OrbitalRX services. Amazon’s controls for physical security are included in their Overview of Security Processes: https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf

Electronic Procedures

Electronic systems and data are subject to the following set of policies and procedures:

Access Control / Minimum Necessary

OrbitalRX adheres to the principles of Minimum Necessary access and Least Privilege when granting access to electronic systems.

Password

All OrbitalRX systems require complex passwords. Internal systems require additional authentication for access, such as multifactor authentication, VPN, and/or physical access.

Encryption/Decryption

All data residing on and transmitted from and between OrbitalRX systems is encrypted at least to industry standards.

Logging and Monitoring

All OrbitalRX systems are monitored, and all activity is logged in secure centralized repositories.

Backup

OrbitalRX systems, databases, and code are backed up on a frequent and periodic cadence.

Managerial Procedures

All OrbitalRX operations, including those related to production systems and data, must adhere to the following procedures and policies:

Data Classification

All data in the OrbitalRX system is classified into one of four categories: Public, Confidential, Restricted, or Protected. Each level of classification is treated with an appropriate level of security and permissions.

Risk Assessment

Risk assessments are performed at least annually, and mitigations are prioritized as part of development cycles. Risk assessments are also performed for vendors prior to engaging that vendor’s services.

Change Management

OrbitalRX utilizes best practices in tracking, managing, communicating, and deploying changes to the platform. All code changes and infrastructure changes are captured in source control. Major changes are communicated to customers via email.

Incident Response and Disaster Recovery

OrbitalRX maintains and regularly tests procedures to manage security incidents and disaster scenarios.

Sanctions

OrbitalRX will appropriately discipline employees and other workforce members for any violation of security policy or procedure to a degree appropriate for the gravity of the violation. These sanctions include, but are not limited to, re-training, verbal and written warnings and immediate dismissal from employment.