Trust Center
Security & data privacy
Physical, technical, and procedural controls to ensure personal data and confidential information are secure and retrievable.
Regulatory compliance
Suvoda’s QMS, systems, and services adhere to applicable regulatory and industry organization guidelines, both domestic and global.
High availability architecture
Suvoda's services are hosted in AWS across multiple availability zones, an architecture designed to preserve performance and uptime if a single zone fails.
Certifications
SOC 2 Type 2 Compliance
For our IRT, eCOA and eConsent services, we undergo a SOC 2 Type 2 audit each year. At the conclusion of the audit, the auditor issues an independent auditor's report ("opinion") on the description of the system, the design of the controls, and the operating effectiveness of those controls throughout the audit period. The report describes the controls that have been designed, implemented, and operated to provide reasonable assurance that our service commitments and system requirements are achieved based on the Trust Services Criteria relevant to security, confidentiality, and privacy, as set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria). Customers who have a signed confidentiality agreement with us can request a copy of this report.
ISO 27001 Compliance
For our Greenphire Patient Payments and Site Payments services, we undergo ISO 27001 audits (a full recertification audit every three years, with surveillance audits in each intervening year) to maintain our ISO 27001 certification. We hold ourselves accountable to the rigorous standards of the International Organization for Standardization (ISO), which assess our implementation of a well-defined Information Security Management System (ISMS) and our adoption of industry-leading practices to safeguard our customers' data. Customers who have a signed confidentiality agreement with us can request a copy of this certificate.
SOC 1 Type 2 Compliance
For our Greenphire Patient Payments and Site Payments services, we undergo a SOC 1 Type 2 audit each year. At the conclusion of the audit, the auditor issues an independent auditor's report ("opinion") on the description of the system, the design of the controls, and the operating effectiveness of those controls throughout the audit period. The report describes the controls that have been designed, implemented, and operated to provide reasonable assurance that the control objectives stated in the description are achieved; these are controls relevant to our customers' internal control over financial reporting, examined under SSAE No. 18, AT-C section 320. Customers who have a signed confidentiality agreement with us can request a copy of this report.
PCI DSS Compliance
For our Greenphire Patient Payments and Site Payments services, we undergo an annual Payment Card Industry Data Security Standard (PCI DSS) compliance assessment using Self-Assessment Questionnaire D (SAQ D). A qualified third-party assessor reviews our responses and validates that the described controls and implementations align with PCI DSS requirements. The assessment includes a technical evaluation of the in-scope network architecture, system configurations, and security controls to confirm appropriate protection of the cardholder data environment (CDE). Upon completion, the assessor issues a formal Attestation of Compliance (AOC). Customers who have a signed confidentiality agreement with us can request a copy of the AOC.
Data Privacy Framework
Suvoda self-certifies to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), as set forth by the U.S. Department of Commerce, for non-HR data. The Data Privacy Framework enables participating companies to demonstrate their adherence to a defined set of data privacy principles and practices when receiving personal data from the EU, the UK, and Switzerland.