Safer data by design

Security design is our first principle

Architecture Overview
We are cloud-native, built on the Microsoft Azure and Amazon Web Services cloud platforms. Our platform incorporates design ideas from big data and the modern data stack, allowing us to ingest and process terabytes of data in hours and keep all that data online at all times. The Lockbox was built to be a secure storage system. It incorporates modern security principles like least privilege, separation of duties, defense in depth, minimization of attack surface area, and redundancy and security by design.

Data AccessAccess to data is granted only with a valid business need, and just-in-time permission grants are employed using native AWS or Azure tooling. All data is encrypted from the moment it reaches the Lockbox with client-specific encryption keys stored in a hardware security module. All actions related to client data are logged. No data is shared with vendors without client approval.

Data SecurityThe Lockbox uses encrypted communication channels and encrypts all data using client-specific keys. Data at rest is encrypted and isolated per client. We require multi-factor authentication, record and audit all access, and employ granular access controls to enforce least privilege principles.

Industry Standards and CertificationsThe Lockbox complies with HIPAA regulations, the NIST Cybersecurity Framework, and leading data security and privacy best practices, including encryption of all Lockbox content with client-specific encryption keys and audit logging of all access to PHI. We maintain a SOC 2 Type 2 certification for the Security, Confidentiality and Availability principles, and an ISO 27001:2022 certification issued by Marcum RAS for Lockbox services. All systems undergo annual re-audits.