Built with Security in Mind

ResolveHD understands just how vital privacy and security are when it comes to health data.

ResolveHD’s ResAI has been purpose-built to handle health data. Security is fundamental in its construction.

As a Software as a Service (SaaS) application, ResolveHD’s ResAI embraces the Shared Security Responsibility Model (SSRM) which outlines the division of security responsibilities among cloud computing providers, ResolveHD, and our customers. Alongside your trusted cloud computing provider, ResolveHD handles security configurations like data encryption and access control, while customers manage access configurations and user-related tasks within the application.

ResolveHD focuses on four security principles: 

  • Emphasizes user management with the principle of least privilege. ResolveHD enforces least privilege across systems, tightly controlling production access. Privileged Access Management (PAM) is employed, requiring approval for access requests, with access duration limits and activity logs for oversight. Quarterly reviews ensure security.

  • Focuses on architectural security and privacy measures. ResolveHD's multi-tier SaaS application in Google Cloud comprises distinct layers, with security mechanisms like web application firewalls deployed between layers. Authentication options include SSO via SAML or multi-factor authentication with hashed passwords. Data storage is geographically redundant, with continuous backups encrypted using AES 256. Encryption at rest and in transit is standard, utilizing TLS 1.2 or higher and AES 256. Monitoring and logging are maintained at every architectural level, with log data retained for at least a year. Security events prompt immediate response from ResolveHD teams. Physical security measures are upheld by Google Cloud.

  • Stresses continuous security education. ResolveHD conducts security awareness training for employees and contractors upon hire and annually thereafter, along with background checks. Engineering personnel undergo secure development and OWASP 10 training annually. Regular security awareness sessions are held during company meetings.

  • Emphasizes alignment with industry security and privacy standards. ResolveHD maintains an information security management system (ISMS) audited annually for compliance. SOC2 compliance is pursued through third-party audits. Privacy compliance includes adherence to global data protection regulations like PIPEDA and GDPR.

ResolveHD knows how important security is to health data. Our focus on security fosters trust and confidence among customers and stakeholders.

Learn more about ResolveHD’s absolute commitment to data privacy and security.