The security of your User Data is important to us. We have implemented physical, electronic, and managerial procedures to safeguard and secure User Data from unauthorized access.
Physical Procedures
OrbitalRX production hardware, systems software, application software and databases are hosted by Amazon Web Services (AWS) in secure facilities. AWS is responsible for facility access, security, disaster recovery and maintenance records for the systems and infrastructure underlying the OrbitalRX services. Amazon’s controls for physical security are included in their Overview of Security Processes: https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf
Electronic Procedures
Electronic systems and data are subject to the following set of policies and procedures:
Access Control / Minimum Necessary
OrbitalRX adheres to the principles of Minimum Necessary access and Least Privilege when granting access to electronic systems.
Password
All OrbitalRX systems require complex passwords. Internal systems require additional authentication for access, such as multifactor authentication, VPN, and/or physical access.
Encryption/Decryption
All data residing on and transmitted from and between OrbitalRX systems is encrypted at least to industry standards.
Logging and Monitoring
All OrbitalRX systems are monitored, and all activity is logged in secure centralized repositories.
Backup
OrbitalRX systems, databases, and code are backed up on a frequent and periodic cadence.
Managerial Procedures
All OrbitalRX operations, including those related to production systems and data, must adhere to the following procedures and policies:
Data Classification
All data in the OrbitalRX system is classified into one of four categories: Public, Confidential, Restricted, or Protected. Each level of classification is treated with an appropriate level of security and permissions.
Risk Assessment
Risk assessments are performed at least annually, and mitigations are prioritized as part of development cycles. Risk assessments are also performed for vendors prior to engaging that vendor’s services.
Change Management
OrbitalRX utilizes best practices in tracking, managing, communicating, and deploying changes to the platform. All code changes and infrastructure changes are captured in source control. Major changes are communicated to customers via email.
Incident Response and Disaster Recovery
OrbitalRX maintains and regularly tests procedures to manage security incidents and disaster scenarios.
Sanctions
OrbitalRX will appropriately discipline employees and other workforce members for any violation of security policy or procedure to a degree appropriate for the gravity of the violation. These sanctions include, but are not limited to, re-training, verbal and written warnings and immediate dismissal from employment.