top of page

Security & Privacy

We take security seriously. In order to protect our customers, we must first protect ourselves.


Learn about our company security and compliance practices below.

at Dr. Know

Governance

Dr. Know develops and maintains Security and Privacy policies and controls, guided by industry best practices and frameworks.

 

Our trusted third-party partner, Vanta, continuously monitors our compliance with these policies and controls via a direct connection to our systems.

 

Annually, we prove our security and compliance posture to third-party auditors for certification. Dr. Know maintains HIPAA compliance and SOC 2 Type II certification.

Customers can view our compliance status anytime via our Vanta Trust Center.

Data Protection

Data at Rest
 

Customer data is stored securely within the Microsoft Azure cloud computing environment and is encrypted at rest.

Data in Transit
 

Dr. Know uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. Server certificates are managed inside Microsoft Azure.

Secret Management
 

Customer-specific encryption keys are managed inside Microsoft Azure and are used for encryption and decryption by our API.

Product Security

Dr. Know performs penetration testing at least annually. Our current testing partner is Acunetix, a leading industry expert.

 

We use the recommendations from these tests to improve, enhance, and patch our products and services appropriately and in a timely manner.

Product updates, issues, and patches are communicated to customers via our online status dashboard.

Dr. Know source code is maintained inside Microsoft Azure DevOps, delivering industry best practices directly to our development tools, processes, and teams.

Enterprise Security

Cloud Native

Dr. Know's products and services are built using cloud native, Platform-As-A-Service (PaaS) infrastructure. Compared to traditional on-premise and Infrastructure-As-A-Service (IaaS) software architectures, PaaS greatly enhances security as the underlying infrastructure is fully managed by the cloud vendor (Microsoft Azure).

 

Dr. Know upgrades each component of our technical architecture in accordance with Microsoft's underlying service requirements.

Secure Remote Access

Dr. Know limits and secures remote access to cloud resources using Azure VPN connections.

Security Education

Dr. Know provides comprehensive security training to all employees upon onboarding and annually through educational modules within the Vanta platform. In addition, all new employees attend a mandatory live onboarding session centered around key security principles. New engineers attend an additional session focused on secure coding principles and practices.

Identity & Access Management

Dr. Know uses Microsoft Azure to secure our cloud identity and access management.

 

Dr. Know employees, consultants, and vendors are granted access to applications based on their role, and are deprovisioned upon termination of their employment or contract. Further access is approved according to the requirements set for each application.

Vendor Security

Dr. Know uses a risk-based approach to vendor security. Factors which influence the risk rating of a vendor include: access to customer and corporate data, integration with production environments, and potential damage to the Dr. Know brand. Once a risk score has been determined, an approval decision for the vendor is made.

Data Privacy

At Dr. Know, data privacy is a first-class priority. We strive to be trustworthy stewards of all sensitive data.

View our Privacy Policy.

 

View our list of sub-processors at our Vanta Trust Center.

Security Concerns

Are you looking to report a security concern?

Submit your concern via our anonymous Whistleblowing Platform.

Get Started

Discover how we can unify your organization's reporting story, increase provider productivity, lower your costs, and unlock new business opportunities.

bottom of page