ANRO Security Overview

By Dave Spinelli | Information Technology

At ANRO, ensuring the highest level of data security is our top priority. As a leading provider of secure data solutions, we recognize the critical importance of safeguarding sensitive information for our clients, particularly in today’s rapidly evolving digital landscape. In this blog post, we will highlight the stringent measures ANRO has implemented to maintain the utmost data protection standards. Our commitment to data security is demonstrated through our HIPAA compliance, SOC 2 Type 2 certification, Tier 4 data center, and utilization of a vCISO service.

 

ANRO is HIPAA compliant.

There are three safeguards in which we follow for HIPPA compliance:

  1. Administrative: Policies and procedures for managing workforce access to PHI, training employees on HIPAA regulations, and performing regular risk assessments.
  2. Physical: Measures to secure physical access to facilities where PHI is stored, such as facility access controls, workstation security, and device management.
  3. Technical: Implementing technologies to protect and control access to electronic PHI, including data encryption, secure access controls, and activity monitoring.

 

ANRO is SOC2 Type 2 certified.

SOC 2 Type 2 certification is an auditing procedure that demonstrates a service organization’s commitment to security, availability, processing integrity, confidentiality, and privacy. The Type 2 certification implies that an independent auditor has evaluated the organization’s controls, policies, and procedures over a specified period (usually 12 months) and has determined they are effectively implemented.

 

ANRO has a Tier 4 Data Center.

Our Tier 4 data center is designed with full redundancy, which means they have multiple, independent power and cooling sources, as well as fully fault-tolerant infrastructure. This ensures the highest level of availability, typically guaranteeing 99.995% uptime, minimizing downtime and reducing the risk of data loss or disruption. A tier 4 data center is the most highest-ranking data center tier on a security basis

 

ANRO uses a vCISO service.

We also have a vCISO service which is a 3rd party company that is our full-time Chief Information Security Officer.

The vCISO service helps develop ANRO’s policies with the following:

  1. Security strategy development: Creating and implementing a comprehensive information security plan aligned with the organization’s goals and risk tolerance.
  2. Policy and procedure development: Establishing information security policies and procedures that comply with relevant regulations and industry best practices.
  3. Risk management: Identifying, assessing, and mitigating cybersecurity risks to the organization.
  4. Compliance management: Ensuring the organization meets the requirements of applicable laws, regulations, and industry standards, such as GDPR, HIPAA, or PCI-DSS.
  5. Incident response planning: Developing and maintaining an incident response plan to effectively handle potential security breaches.
  6. Security awareness training: Educating employees on cybersecurity best practices and their role in protecting the organization’s information assets.