
Our Robust Security

Security and Compliance

Versant Health is committed to protecting the confidentiality, integrity, and availability of our customers’ data by maintaining a HITRUST certified information security program. Our robust control environment is carefully aligned with industry-standard frameworks like HIPAA and CIS and undergoes regular assessments to ensure compliance and excellence.

We proudly have the following security certifications and third-party attestations and reports:


HIPAA

We provide a third-party audited HIPAA attestation to demonstrate alignment with HIPAA security and HITECH breach notification requirements.

HITRUST

We maintain a nationally recognized HITRUST certification, demonstrating our commitment to advanced healthcare security.


SOC 2 Type II

We issue a SOC Type II report annually, available to existing and prospective clients. Reach out to your Versant Health representative to request a copy.

Achieving and maintaining these certifications each year demonstrates Versant Health’s unwavering commitment to securing our members’ data and to maintaining the highest standards in managing risk and protecting health information.

Security Practices

Versant Health performs and monitors controls under a consolidated framework that spans our certification audits.

  • Risk management controls are continuously monitored through internal and external audits. Risk is first on our minds in the design and execution of our control environment.
    • Risk to controls mapping
    • Incident tracking connected to risks
    • Quarterly reassessment
  • Security incident management controls ensure that interruptions to service are managed to our contractual requirements and that the impact on our customers is low.
    • Incident Response Plan (IRP)
    • Business impact assessment of critical systems
    • Business Continuity Disaster Recovery (BCDR) plans for critical systems
    • Quarterly cybersecurity incident response tabletop exercises
  • Access controls ensure systems are set up and monitored using the concept of least privilege. You will only see and touch what you need to in our systems.
    • User access management
    • Multi-factor authentication
    • Enterprise Single Sign On (SSO)
    • Adaptive authentication
  • Personnel security controls ensure people are trained and vetted.
    • Required background checks
    • 100% completion of annual security training
    • Enterprise phishing program
  • Third-Party Risk Management (TPRM) controls protect our company’s and customers’ interests, ensuring third parties are evaluated prior to providing goods or services.
    • SOC1 and SOC2 review
    • Pen tests for our products
    • Required security clauses in TPRM contracts

Data Protection and Availability

  • Versant Health’s cybersecurity program is designed to ensure effective controls including:
    • Extended detection and response technology
    • Cloud-based secure web gateway for customers
    • Multi-site architecture
    • End point protections
    • Zero trust for access requests
    • Comprehensive audit trail reviews
  • Technical data safeguards / controls designed to protect and maintain the integrity of your information.
    • Data encryption – in transit and data at rest
    • Business Continuity Disaster Recovery (BCDR) program
    • Periodic system backups and recovery
    • Vulnerability management controls identify and remediate weaknesses related to patching
  • Physical security controls designed to ensure access to facilities is secure.
    • Office and data center badging
    • 24/7 surveillance for physical data centers