At EMS SOAP, security is foundational to everything we build. Healthcare data demands the highest level of protection, and we implement comprehensive security controls to safeguard patient information and maintain the trust of our customers.
We are actively pursuing SOC 2 Type II certification and HIPAA compliance, with Business Associate Agreements (BAA) available upon request.
All data stored in our database is encrypted using AES-256 encryption. This includes patient information, SOAP narratives, and all associated metadata.
All data transmitted between your browser and our servers is protected using TLS 1.2 or higher. We enforce HTTPS on all connections and implement HTTP Strict Transport Security (HSTS).
We maintain automated daily backups with Point-in-Time Recovery (PITR) capability, enabling restoration to any point within the retention window. Backups are encrypted and stored in geographically separate locations.
Our application is hosted on enterprise-grade cloud infrastructure with DDoS protection, edge network distribution, and automatic SSL certificate management. Our hosting provider maintains SOC 2 Type II certification.
We use a managed PostgreSQL database with Row Level Security (RLS), network isolation, and comprehensive audit logging. Our database provider is SOC 2 Type II certified.
User authentication includes support for multi-factor authentication (MFA), secure password policies, and protection against brute force attacks.
Our platform implements granular role-based access controls. Users are assigned roles (Admin, Manager, or Member) that determine their access level to organizational data and features.
Access to systems and data is granted on a need-to-know basis. Employees only have access to the resources necessary for their role, and access is regularly reviewed and revoked when no longer needed.
We maintain formal procedures for provisioning and deprovisioning employee access. Access is granted based on job requirements and removed immediately upon role changes or departure.
We use GitHub Dependabot for automated dependency scanning and receive alerts for known vulnerabilities in our software dependencies. Critical vulnerabilities are prioritized and addressed promptly.
Our APIs are protected by rate limiting to prevent abuse. We implement bot detection, block suspicious traffic patterns, and utilize edge-level DDoS protection.
We maintain a documented incident response program with defined procedures for detection, containment, eradication, and recovery. Security incidents are investigated and documented with lessons learned incorporated into our processes.
We are actively pursuing SOC 2 Type II certification with Vanta to demonstrate our commitment to security, availability, and confidentiality. Our compliance program includes continuous monitoring of security controls.
EMS SOAP is designed with HIPAA compliance in mind for healthcare organizations. We are actively working toward full compliance and offer Business Associate Agreements (BAA) upon request. We implement appropriate administrative, physical, and technical safeguards.
We comply with applicable data privacy regulations including GDPR and CCPA. Users have the right to access, correct, and delete their personal data. For privacy inquiries, contact us at brandon@emssoap.com.
For security-related questions or to request our security documentation, please contact us at brandon@emssoap.com.
At EMS SOAP, we take the security of our systems and user data seriously. We value the security research community and welcome responsible disclosure of any vulnerabilities you may find.
If you believe you have found a security vulnerability, please submit it through our HackerOne vulnerability disclosure program, or email us at brandon@emssoap.com.
Please include as much detail as possible to help us understand and reproduce the issue.
Submit a Vulnerability Report on HackerOne
We offer monetary rewards for qualifying vulnerability reports based on severity and impact. Reward amounts are determined on a case-by-case basis, taking into account the potential risk to our users and systems. Critical and high-severity vulnerabilities are eligible for higher rewards.
This is an active public bug bounty program. We appreciate security researchers who help keep our platform secure and reward valid vulnerability reports.