Security Trust Center

Start your security review
View & download sensitive information
ControlK

ConnectiveRx Security Program

At ConnectiveRx, we prioritize safeguarding our customers' sensitive information. To achieve this, we’ve implemented a robust security program aligned with well-recognized security and privacy practices and regulatory obligations. Independent third-party assessments are conducted annually, including PCI, SOC 2 (Type II for Security, Privacy, and Confidentiality), HIPAA, and SOC 1 (Type II), to provide customers with additional assurance regarding our security and control environment. The security program is supported through governance, risk management, and periodic management review.

ConnectiveRx also supports ongoing security awareness for employees and maintains processes for identifying, reporting, and addressing potential security concerns.

Our dedicated Information Security Team is organized into key areas for maximum effectiveness:

  • Chief Information Security Officer (CISO): The CISO oversees the entire Information Security program, sets strategic direction, manages security investments, leads technical security functions, and informs the Executive Management Team of significant security and risk considerations.

  • Security Architecture: This function includes Security Engineering, and Application Security (AppSec). This team is responsible for designing and implementing secure architecture patterns, embedding security controls into systems and development lifecycles, guiding secure software development practices, and partnering with engineering teams to proactively identify and mitigate security risks across infrastructure and applications.

  • Sr. Director of Information Security GRC: This role leads the Governance, Risk, and Compliance (GRC) team. This team ensures our security policies and procedures are maintained and periodically reviewed, oversees governance and control assurance activities, manages third-party attestation audits, and oversees the Information Security Risk Management process including Third Party Risk.

  • Manager of Information Security Operations: This role leads the Information Security Operations team. This team supports day-to-day security monitoring and operational security activities, coordinates response to security events, and helps maintain the organization’s security platforms and capabilities.

Through this structure, ConnectiveRx maintains a proactive and comprehensive approach to information security.

Compliance

HIPAA Logo
HIPAA
PCI DSS Logo
PCI DSS
SOC 1 Logo
SOC 1
SOC 2 Logo
SOC 2

Documents

REPORTSBC/DR Test
REPORTSHIPAA Report
REPORTSPCI DSS AOC
REPORTSPentest Report
REPORTSSOC 1 Report
REPORTSSOC 2 Report

Risk Profile

Data Access Level
Impact Level
Recovery Time Objective
View more

Product Security

Audit Logging
Data Security
Role-Based Access Control
View more

Reports

BC/DR Test
HIPAA Report
PCI DSS AOC
View more

Data Security

Business Continuity & Disaster Recovery
Data Asset Classification
Data Destruction
View more

App Security

Responsible Disclosure
Code Analysis
Credential Management
View more

AI

AI Monitoring
AI Risk Management
AI Governance
View more

ESG

Anti-Bribery and Corruption
Code of Ethics

Legal

Cyber Insurance
Privacy Policy
Terms and Conditions

Data Privacy

Data Privacy Officer
Employee Privacy Training
Cookies
View more

Access Control

Data Access
Logging
Password Security
View more

Infrastructure

Status Monitoring
Amazon Web Services
Anti-DDoS
View more

Endpoint Security

Disk Encryption
DNS Filtering
Endpoint Detection & Response
View more

Network Security

Data Loss Prevention
Firewall
IDS/IPS
View more

Corporate Security

Asset Management Practices
Email Protection
Employee Training
View more

Policies

Requesting Policies
Security Policies and Procedures

Incident Response

Designated Response Personnel
Forensic Retainer
Incident Reporting Process
View more

Risk Management

Data Access/Impact Levels
Risk Assessments
Supply Chain Risk Management
View more

Asset Management

Asset Inventories (Hardware/Software)
Asset Tracking
Automated Asset Detection
View more

BC/DR

Alternate Processing/Storage Site
Business Continuity Management System (BCMS)
Business Continuity Plan (BCP)
View more

Training

Employee Privacy Training
Phishing Training
Secure Development Training
View more

Change Management

Change Advisory Board (CAB)
Change Control Board (CCB)
Change Management Program
View more

Physical & Environment

Access Monitoring
Alarms & Surveillance
Alternate Work Sites
View more

Continuous Monitoring

Data Loss Prevention System (DLP)
Event & Audit Log Management
File Integrity Monitoring (FIM)
View more
If you need help using this Security Trust Center, please contact us.
Contact support
If you think you may have discovered a vulnerability, please send us a note.
Report issue
Built onSafeBase by Drata Logo