User Security
Enter ensures users can configure roles for each organization they may need to manage, including full access, read and write, and read-only for their users.
Uptime
Enter takes data availability seriously and employs a status and incident tracking system to monitor any outages. You can find this at https://status.enter.health/
Secure Frameworks
Enter employs mature and comprehensive application security frameworks to ensure data is handled safely.
Continuous Vulnerability Scanning
We employ continuous vulnerability and penetration testing both in-house and outsourced.
Secure Development Lifecycles
Our software development lifecycles include linting, unit tests, integration tests, static analysis, and known vulnerability scans.
Hashing and Encryption
Passwords are one-way hashed and sensitive keys are encrypted using Amazon KMS.
Monitoring
Enter hosts our application using data centers provided by Amazon Web Services and have many monitoring features enabled to ensure availability and security.
Secure Transport
Enter ensures all data that we handle is encrypted while in transit (allowing only TLS 1.2+ cipher-suites)
Secure Storage
100% of data stored at rest is encrypted using the latest encryption standards and products.
Least Privilege
All IAM and user credentials are scoped to only what is necessary to get the job done for that role.
Network Segregation
Production and sandbox accounts are provisioned within their own network segmented zones.
SOC 2
Enter is actively in the process of achieving our SOC 2 Type 2 certification.
HIPAA
We are HIPAA compliant and signing a BAA will ensure even stronger data controls.
Secure Storage
100% of data stored at rest is encrypted using the latest encryption standards and products.
Privacy
We have some of the strongest privacy policies in the game. Please review them here.
Training
All employees and contractors are trained at least annually on latest data security issues as well as HIPAA compliance.
Endpoint Management and Monitoring
All employee and contractor devices deploy with leading endpoint protection.
Access Review
All access granted is continuously reviewed with least privilege philosophy being employed.
VPN
All internal resources must be access via a Virtual Private Network which requires two factors of authentication.
Data in the Cloud
We don't store data on-premise