Security

Learn about DocBuddy’s commitment to customer security and privacy.

Built on a Foundation of Trust

DocBuddy takes threats to the availability, integrity, and confidentiality of our clients’ information seriously and performs regular staff training on security and privacy. DocBuddy holds both ISO 27001:2022 certification and a SOC 2 Type II attestation report, underscoring our commitment to rigorous information security standards. Our ISO 27001:2022 certification and SOC 2 Type II attestation were both issued by A-LIGN, an accredited certification body and audit firm with the ANSI National Accreditation Board (ANAB).

A-LIGN

The world’s leading cybersecurity compliance auditor

A-LIGN, an independent, third-party auditor, certifies DocBuddy’s technical controls and formalized IT Security policies and procedures.


Compliance with this internationally recognized standard confirms that DocBuddy’s security management program is comprehensive and follows leading practices, starting with secure development processes, data encryption in transit and at rest, regular vulnerability scans and penetration tests, and firewalls, intrusion monitoring, and logging for cloud environments.

DocBuddy is also compliant with Quebec’s Law 25, the Personal Information Protection Act (PIPA), the Personal Health Information Protection Act (PHIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), the Health Information Act (HIA) and the Health Insurance Portability and Accountability Act (HIPAA).

For more information, please read the Privacy Policy or contact security@docbuddy.com.