Create® Information Security

We follow industry best practices and uphold the highest information security standard to protect the confidentiality, integrity and availability of our customers’ data.



Proactive Risk Management

24×7 real time monitoring and incident response

Regular External and Internal Vulnerability and Penetration testing

Risk-based security program focusing on continuous monitoring and evolution to support ongoing change in business, such as IT consumerization



Information Protection

HIPAA compliance, annual SOC 2 Type 2 attestation, and mandatory security awareness training

Layers of defense through Data Loss Prevention and Encryption of data in motion and at rest

Risk management framework including third-party vendor risk assessment



Compliance and Security by Design

Security built into every part of the IT management process

Infrastructure and code-level tests integrated into code deployment process and configuration management process

Controlled and standardized build and update process per regulatory guideline



Resilience and Recoverability

Detailed Business Continuity Plan and Disaster Recovery runbooks validated through quarterly exercise

24×7 monitoring of the performance of internet-facing applications

Implementation of the latest technology, including secure cloud hosting service and redundant data center configuration to improve Create service reliability

Scroll Up