Trust and Compliance

We maintain a robust assurance program encompassing numerous platforms across industries. Our continuous monitoring program ensures we maintain our industry-leading secure framework as our customer base grows.

HITRUST

The HITRUST Cybersecurity Framework (CSF) evaluates against 19 domains of security covering a broad spectrum of administrative, physical, and technical controls. The HITRUST CSF encompasses all applicable HIPAA requirements as well as numerous best practices, structured in a maturity model to serve as a framework for higher levels of security.

Jori is HITRUST certified (see our HITRUST certificate) and attests at HITRUST’s Level 3, which is their highest standard.

HITRUST certification date

HITRUST certifications are effective for two years, starting from the submission dates stamped on the report. We maintain compliance with HITRUST controls throughout this period and re-attest in time to ensure there's no gap in coverage.

SOC 2

System and Organization Controls (SOC) 2 is an industry-standard, technology service provider report verifying compliance and controls pertaining to security and availability. Type 2 indicates that this is a multi-month, over-time evaluation period for compliance.

Jori has maintained SOC 2 compliance since July 2017. Refer to our SOC 3 report for an overview of our SOC 2 controls.

SOC2 and SOC3 compliance dates

SOC2 Type 2 and SOC3 reports represent an audit over a period of 6 to 18 months (we usually go for 12). So the dates you see on the reports will be for that reporting window.

Rest assured, Jori remains compliant year-round. We never have gaps in those audit windows, so you can always expect us to have a fresh report available within the coming year.

GDPR

General Data Protection and Regulation (GDPR) is a European Union (EU) law on data protection and privacy in the EU and European Economic Area. It is a cornerstone of EU privacy and human rights laws. Learn more about GDPR.

Redox is GDPR compliant. Refer to our privacy policy for details about our privacy procedures, including how to submit Data Subject Access Rights Requests (DSARs).

CCPA and CRPA

Learn more about the California Consumer Privacy Act of 2018 (CCPA), which gives consumers more control over the personal information that businesses collect about them. Also, read the CCPA regulations that provide guidance on how to implement the law. And don't forget about the California Privacy Rights Acts of 2020 (CRPA). Learn more about the CPRA amendment.

Redox adheres to all applicable regulations surrounding the CCPA and CPRA. See our CCPA disclosure.

HIPAA

Per the U.S. Department of Health & Human Services website, HIPAA standards are as follows:

To improve the efficiency and effectiveness of the healthcare system, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, included Administrative Simplification provisions that required HHS to adopt national standards for electronic healthcare transactions and codesets, unique health identifiers, and security.

Read more about HIPAA.

Redox adheres to all applicable U.S. federal and state regulations, including HIPAA.

NIST Cybersecurity Framework

National Institute of Standards and Technology (NIST) Cybersecurity Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks. It provides a common language that allows staff at all levels within an organization—and at all points in a supply chain—to develop a shared understanding of their cybersecurity risks.

Redox works to align with these standards.

PreviousShared security modelNextPrivacy

Last updated