VCloud Interactive – Cloud Based Security
Our cloud infrastructure is designed to meet the security standards of our customers and the industries that they serve. We have performed rigorous audits to achieve PCI-DSS, SOC2, and HIPAA compliance, which means that our customers never need to worry about the security of their applications. By meeting these standards we’re particularly well-equipped to serve the Pharmaceutical, Finance/Banking and Healthcare Industries.
VCloud Interactive maintains physical and technical safeguards that protect the confidentiality and integrity of your electronic information.
All of VCloud Interactive’s applications and services reside in the AWS or Google Cloud platform. VCloud Interactive’s platform complies with the following:
· ISO 9001, 27001, 27017, 27018
· PCI DSS level 1
· SOC 1, 2, 3
· Gramm-Leach-Bliley Act, financial security
· HIPAA, protected health information
· HITECH, protected health transmission
• There is no electronic protected health information (ePHI) stored within our secure cloud environment. All ePHI that we transmit as a result of delivering our IVR services within our secure cloud environment is treated as confidential and private.
• Access to network equipment and systems within our secure cloud environment is provided only to authorized VCloud employees within our operations team. These systems and network devices can be accessed only via two- factor authentication.
• VCloud has a designated Information Security Officer. Our Information Security Officer has the responsibility for the development and implementation of VCloud’s information security policies, procedures, and technology.
• VCloud has established secure audit logging and tracking mechanisms that document any access to the secure cloud environment.
• VCloud has established training programs focused on privacy policies to inform employees on the handling of electronic protected health information data as required by HIPAA protocols.
Notice of Privacy
Under HIPAA, VCloud Interactive LLC is not a “Covered Entity”, but rather a “Business Associate” and also does not store any Protected Health Information (PHI) within its secure environment. Therefore, VCloud does not retain the ability to disclose any PHI to individuals because of this operating model.