AllClear ID Health, Inc. successfully completed the AICPA Service Organization Control (SOC) 2 Type 1 audit. The audit confirms that AllClear ID’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.
An unqualified opinion on a SOC 2 Type 1 audit report demonstrates to AllClear ID’s current and future customers that they manage their data with the highest standard of security and compliance.
Customers and prospects can request access to the audit report here.
AllClear ID delivers services to organizations who may be defined as Covered Entities under HIPAA. Due to the nature of the services we provide, the company has undergone a comprehensive review of its administrative, technical, and physical safeguards to ensure the protection of e-PHI. This includes:
Ensuring the confidentiality, integrity, and availability of all e-PHI created, received, maintained, or transmitted
Identifying and protecting against reasonably anticipated threats to the security or integrity of the information
Protecting against reasonably anticipated impermissible uses or disclosures
Ensuring compliance by our workforce
AllClear ID has implemented the following administrative and technical Security Controls.
As part of our security management process, AllClear ID conducts annual risk assessments including likelihood and impact of potential risks. Risk assessments helps ensure that controls are appropriate to address the needs of the organization. Conducting annual assessments ensures that organizations continue to provide the highest level of security for the data that they have been entrusted to protect.
AllClear ID has implemented a security management process, including appropriate standard operating procedures and policies. A security manager has been assigned to help develop and review procedures and policies. Staff are kept up to date with changes and are trained on HIPAA and security annually. Internal review of these safeguards is undertaken regularly to ensure compliance and for continual improvement.
AllClear ID has implemented appropriate technical safeguards including authentication and authorization for our employees and for user of our applications. Appropriate auditing and integrity controls are in place. All data transmissions to the data centers require encryption. Additional systems have been implemented where appropriate to ensure the highest level of security for our hosted applications.
Effective date: Mar 7, 2022
To support the delivery of our Services, AllClear ID may engage and use data processors with access to certain Service Data (each, a “Subprocessor”). This page provides important information about the identity, location and role of each Subprocessor. Terms used on this page but not defined have the meaning set forth in the applicable agreement between Customer and AllClear ID (the “MSA”).
AllClear ID currently uses third party Subprocessors to provide infrastructure services, and to help AllClear ID provide customer support and email notifications. Prior to engaging any third party Subprocessor, AllClear ID performs diligence to evaluate their privacy, security and confidentiality practices and executes an agreement implementing its applicable obligations.
AllClear ID may use the following Subprocessors to host Service Data or provide other services infrastructure that helps with delivery of the Services:
Cloud Service Provider – United States
Mobile Application Services
AllClear ID may use the following Subprocessors to perform other Service functions:
The Subprocessors used by AllClear ID may change over time. AllClear ID will update this page with notice of any new or different Subprocessors as appropriate and necessary.