We maintain a robust assurance program encompassing numerous platforms across industries. Our continuous monitoring program ensures we maintain our industry-leading secure framework as our customer base grows.
SOC 2 is an industry-standard, technology service provider report verifying compliance and controls pertaining to security and availability. Type 2 indicates that this is a multi-month, over-time evaluation period for compliance. Refer to our SOC 3 report for an overview of our SOC 2 controls.
Redox has maintained SOC 2 compliance since July 2017.
We are HITRUST certified—see our HITRUST certificate. The HITRUST Cybersecurity Framework evaluates against 19 domains of security covering a broad spectrum of administrative, physical, and technical controls. The HITRUST CSF encompasses all applicable HIPAA requirements as well as numerous best practices, structured in a maturity model to serve as a framework for higher levels of security.
We attest at HITRUST’s Level 3 (their highest standard).
Redox uses Stripe.js and Elements to collect card details from customers. Stripe automatically creates a combined SAQ A and Attestation of Compliance (AoC) (see our AoC). This is possible because Stripe’s Elements host all form inputs containing card data within an iframe served from Stripe’s domain so our customers’ card information never touches the Redox servers.
NIST Cybersecurity Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks. It provides a common language that allows staff at all levels within an organization—and at all points in a supply chain—to develop a shared understanding of their cybersecurity risks.
Redox works to align with these standards.
From the U.S. Department of Health & Human Services website:
To improve the efficiency and effectiveness of the healthcare system, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, included Administrative Simplification provisions that required HHS to adopt national standards for electronic healthcare transactions and codesets, unique health identifiers, and security.
Redox adheres to all applicable US federal and state regulations, including HIPAA.
Learn more about the California Consumer Privacy Act of 2018 (CCPA), which gives consumers more control over the personal information that businesses collect about them. Also, read the CCPA regulations that provide guidance on how to implement the law.
Redox adheres to all applicable regulations surrounding the CCPA.