COMPLIANCE & SECURITY

 

ITM TwentyFirst understands that the security and availability of our customers' data is vital to their business operations and our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our application, systems, and processes to meet the growing demands and challenges of security.

Availability

Our system is housed in a Tier 4 Data Center with full physical security and redundant power, cooling and networks with 24/7 monitoring. We back up critical data in real time onsite and store an encrypted backup daily at multiple data centers to prevent data loss and maintain data integrity. We regularly test and improve our backup and disaster recovery plans to reduce potential downtime in case of an emergency.

Network Security

Our network security incorporates several layers to protect against external threats, segregate internal traffic and protect against application-specific threats. We have intrusion detection alerts logged to a dedicated security event management system with 24/7 monitoring.

Confidentiality

In addition to our commitment to keep our systems secure, ITM TwentyFirst has adopted and implemented comprehensive policies and procedures focused on employee compliance with HIPAA and confidentiality laws. We also conduct routine employee background checks and compliance training to keep ourselves up to date with the latest practices and regulations.

Third-party Testing and Assessments

Knowing that even the best procedures and systems could have a weakness, ITM TwentyFirst regularly uses third parties to test and audit our security controls. We conduct monthly network security assessments, annual third-party application security reviews and penetration tests. ITM TwentyFirst follows AICPA Trust Service Principles for system Security, Availability, Processing Integrity, Confidentiality, and Reliability. On an annual basis, ITM TwentyFirst obtains an independent third-party validation of our system and practices as part of an annual SSAE-16 SOC 2 audit.