Compliance and Security
NetFoundry SOC 2 Compliance Report
System and Organization Controls Reports are independent third-party examination reports that demonstrate how NetFoundry achieves key compliance controls and objectives. The purpose of this report is to help you and your auditors understand the controls established by NetFoundry to support operations and compliance as detailed in the AICPA’s the Trust Services Principles and Criteria. A current NDA must in place with NetFoundry prior to any review of the NetFoundry SOC 2 report.
NetFoundry Customer Data Privacy Statement
The protection of private information is one of the most significant issues of the modern era to any modern business. NetFoundry takes these concerns very seriously. Fortunately, as NetFoundry does not maintain significant data at rest for customers, this is very straightforward. NetFoundry's business is the agility and security of data in motion, using dynamic and ephemeral keys to enable strong encryption.
NetFoundry Alignment to HIPAA
HIPAA, or the Health Information Portability and Accountability Act is a US law governing the handling of Protected Health Information (PHI) and Electronic Protected Health Information (ePHI) There are several areas where NetFoundry can assist a provider in meeting HIPAA standards. Below, you will find excerpts of the various bills that make up HIPAA overall, and an explanation of how NetFoundry can be of assistance in meeting these requirements.
508 Accessibility Statement
We are committed to providing on-demand enterprise applications accessible to all individuals. This includes working with assistive technology, such as speech recognition software and screen readers. To help meet our goal of universal design, NetFoundry follows the internationally recognized best practices in Section 508 of the Rehabilitation Act and the Web Content Accessibility Guidelines (WCAG) 2.0 Level AA to the extent possible.
We Are Veracode Standard Certified!
Our application security program ensures that first-party code is assessed with static analysis. We use automation to scan our code on a weekly basis and we provide our developers with remediation guidance.