Enter ensures users can configure roles for each organization they may need to manage, including full access, read and write, and read-only for their users.
Enter takes data availability seriously and employs a status and incident tracking system to monitor any outages. You can find this at https://status.enter.health/
Enter employs mature and comprehensive application security frameworks to ensure data is handled safely.
We employ continuous vulnerability and penetration testing both in-house and outsourced.
Our software development lifecycles include linting, unit tests, integration tests, static analysis, and known vulnerability scans.
Passwords are one-way hashed and sensitive keys are encrypted using Amazon KMS.
Enter hosts our application using data centers provided by Amazon Web Services and have many monitoring features enabled to ensure availability and security.
Enter ensures all data that we handle is encrypted while in transit (allowing only TLS 1.2+ cipher-suites)
100% of data stored at rest is encrypted using the latest encryption standards and products.
All IAM and user credentials are scoped to only what is necessary to get the job done for that role.
Production and sandbox accounts are provisioned within their own network segmented zones.
Enter is actively in the process of achieving our SOC 2 Type 2 certification.
We are HIPAA compliant and signing a BAA will ensure even stronger data controls.
We have some of the strongest privacy policies in the game. Please review them here.
All employees and contractors are trained at least annually on latest data security issues as well as HIPAA compliance.
All employee and contractor devices deploy with leading endpoint protection.
All access granted is continuously reviewed with least privilege philosophy being employed.
All internal resources must be access via a Virtual Private Network which requires two factors of authentication.
We don't store data on-premise