One Pagers

Suki Trust and Security Aug2021

Issue link:

Contents of this Issue


Page 0 of 1 The Suki name and logo are trademarks of Suki AI, Inc. © 2021 Suki AI, Inc. All rights reserved. 1 Trust & Security @ Suki We pride ourselves on our commitment to security so that we can safely deliver results that make a difference in the lives of physicians. We have enacted several types of security procedures around our product, the making of it, and how we handle data that is produced. Our systems have facilitated tens of thousands of medical notes for our customers while maintaining over 99% uptime, and we want to ensure that our doctors and their patients feel safe and secure when using our service. Suki employs industry-leading security measures to help ensure the authenticity, integrity, and privacy of data, both at rest and in transit. • Suki's products are accessed across the Internet from secure and encrypted connections (TLS 1.0-1.2) using high-grade 2048 bit certificates. • Each customer's data is logically separated with unique organization identities. Data is encrypted at rest automatically by our cloud infrastructure. • Individual user sessions are protected by unique session tokens. Customer Data Protection Application Security • Suki SDLC process ensures QA is performed before release. Suki also scans the code for security vulnerabilities before deployment. • Suki's SaaS services are based on proven and secure Open Source solutions and custom applications. • Applications and servers are regularly patched to provide ongoing protection from exploits. • Dynamic application analysis is performed regularly. • Third party application penetration testing for 2021 has been completed and is conducted on a semi-annual cadence. • Our solution is hosted on Google Cloud Platform. Google Cloud provides for world class physical and environmental controls that are documented and attested for in its SOC2 Type 2 report by an independent auditing firm. Physical security in our office includes badged access and security cameras. All workstations have antimalware and encryption. Physical and Environmental Security Network Access Controls • The solution uses public cloud services, is hosted within its own VPC and access to the applications is protected with virtual firewalls. • Access to Suki infrastructure requires multi-factor authentication and extensive access monitoring.

Articles in this issue

Links on this page

view archives of One Pagers - Suki Trust and Security Aug2021