Create® Information Security

We follow industry best practices and uphold the highest information security standard to protect the confidentiality, integrity and availability of our customers’ data.

 

Protect

Proactive Risk Management

24×7 real time monitoring and incident response

Regular External and Internal Vulnerability and Penetration testing

Risk-based security program focusing on continuous monitoring and evolution to support ongoing change in business, such as IT consumerization

 

Protect

Information Protection

HIPAA compliance, annual SOC 2 Type 2 attestation, and mandatory security awareness training

Layers of defense through Data Loss Prevention and Encryption of data in motion and at rest

Risk management framework including third-party vendor risk assessment

 

Security

Compliance and Security by Design

Security built into every part of the IT management process

Infrastructure and code-level tests integrated into code deployment process and configuration management process

Controlled and standardized build and update process per regulatory guideline

 

Recoverability

Resilience and Recoverability

Detailed Business Continuity Plan and Disaster Recovery runbooks validated through quarterly exercise

24×7 monitoring of the performance of internet-facing applications

Implementation of the latest technology, including secure cloud hosting service and redundant data center configuration to improve Create service reliability

Scroll Up