Security
Security is a top concern at Midigator. It is incorporated into the very core of our products and procedures. The following best practices serve as a foundation for our security standards at Midigator.
End-to-end encryption ensures your information is safe as it travels over the internet.
Firewalls detect and prevent potentially unauthorized access to our network and your data.
An automated time-out feature protects your data after periods of inactivity.
Security tools constantly monitor for breach attempts and newly-emerging cyber threats.
Routine penetration tests check for areas of vulnerability and proactively reduce potential risk exposure.
Data is hosted using the highest-level AWS services, creating a highly secure environment.
Ongoing employee training and spot checks ensure a company-wide commitment to security excellence.
Security & Compliance FAQ
Learn more about Midigator’s view on security and compliance.
Businesses use Service Organization Control (SOC) as a reporting framework to communicate their risk management program and as a benchmark for compliance with expected standards.
The business’s operating environment will determine which SOC category is applicable. For Midigator, the applicable classification was SOC 2 Type 1.
• SOC 2: Outlines the design and implementation of a company’s controls in the areas of security, availability, processing integrity, confidentiality, and privacy
• Type 1: Reports on the description of the organization’s system and the suitability of the controls
After creating a report that outlines the company’s security controls, an independent third-party will conduct an audit to determine compliance with the internationally-recognized standards. The company chooses which trust principles to audit, since the focus depends on the specific operating environment of the organization under review.
The results of a SOC 2 audit help identify vendors who are credible and comply with high expectations for security.
Yes! On March 31, 2018, Midigator’s SOC 2 report was classified as unqualified or clean. This means the auditor noted no exceptions to the standard; all our controls are fully compliant.
SOC 2 compliance is audited every year. Midigator will undergo annual audits conducted through an independent third-party to maintain SOC 2 compliance.
Interested in a copy of our SOC 2 report? Contact our security and compliance team at compliance@midigator.com.
Midigator is out of scope for PCI-DSS. This means we are not required to comply with these standards, nor are they an effective method for evaluating our security controls.
Midigator does not store, process, or transmit full cardholder data—a qualifying requirement for PCI-DSS.
A Payment Card Industry Qualified Security Assessor (PCI QSA) has evaluated our production environment and confirmed that Midigator is outside PCI-DSS scope. If you’d like to review a copy of this report, contact our security and compliance team at compliance@midigator.com.
PCI-DSS was created by the card networks as a way to ensure cardholder data is kept safe. The standard is used to regulate any entity that processes, stores, or transmits full account numbers.
Because PCI-DSS is a well-known standard in the payment industry, it’s often mistakenly assumed that all organizations must be compliant. However, if an organization only comes in contact with partial account numbers—like Midigator—PCI-DSS regulations aren’t applicable.
At Midigator, we felt SOC 2 compliance was a more appropriate standard for our organization than PCI-DSS. SOC 2 is a holistic, comprehensive standard that helps us protect all information assets and systems, not just cardholder data.
Sure! Clients and partners who are interested in a copy of our SOC 2 report can contact our security and compliance team at compliance@midigator.com.
It is not necessary for Midigator to access your patients’ protected health information (PHI). Our client success managers will help ensure sensitive data doesn’t enter our system.
We’ll do our very best to keep your information secure, but we’ll also need your help to ensure the most complete protection possible.
• Don’t share your username or password with anyone. Midigator offers unlimited user accounts; we don’t charge per seat. If you’d like to add another user to your company’s account, email support@midigator.com.
• Create strong passwords that are difficult to guess. Use a combination of upper- and lower-case letters, numbers, and special characters. Alternatively, you could choose to use a natural language phrase, written out in sentence format (spaces, punctuation marks, and all). This is both much easier for you to remember and much harder for a malicious party to crack.
• If you see something, say something! If you think your user account has been compromised or you detect a vulnerability in the system, contact customer service right away. Customer service can be reached at 1-800-960-2184 or support@midigator.com.
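To show why the passphrase advice above holds, here is an added example (not Midigator's code or anything from the page) that estimates the guessing effort for a short "complex" password versus a natural-language sentence. The character-class sizes, the assumed 7776-word list, and the 10 billion guesses per second rate are all constructed assumptions for illustration; the password estimate is deliberately generous and the passphrase estimate deliberately conservative, so if the phrase still comes out ahead the advice stands.

```python
import math
import re

# Constructed assumptions (this example is added here and is not Midigator's
# code): sizes of the character classes an attacker must search, the size of
# the word list assumed for a natural-language passphrase, and a guess rate.
CLASS_PATTERNS = {
    "lower": (r"[a-z]", 26),
    "upper": (r"[A-Z]", 26),
    "digit": (r"[0-9]", 10),
    "symbol": (r"[^A-Za-z0-9]", 33),  # printable ASCII punctuation and space
}
ASSUMED_WORDLIST_SIZE = 7776          # a diceware-style list; an assumption
ASSUMED_GUESSES_PER_SECOND = 1e10     # offline cracking rate; an assumption


def meets_complexity_rule(password: str) -> bool:
    """True when the password mixes upper, lower, digits and special
    characters, the classic 'complexity' rule quoted in the FAQ."""
    return all(re.search(pat, password) for pat, _ in CLASS_PATTERNS.values())


def charset_size(password: str) -> int:
    """Total alphabet size implied by the character classes present."""
    return sum(size for pat, size in CLASS_PATTERNS.values() if re.search(pat, password))


def password_entropy_bits(password: str) -> float:
    """Generous (upper-bound) estimate: every character drawn uniformly from
    the classes present. Real human-chosen passwords have far less."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def passphrase_entropy_bits(phrase: str, wordlist_size: int = ASSUMED_WORDLIST_SIZE) -> float:
    """Conservative estimate: the attacker knows the phrase is built from
    dictionary words and only has to guess which ones, not the characters.
    Spaces and punctuation are ignored, so they add nothing to the estimate."""
    words = re.findall(r"[A-Za-z']+", phrase)
    return len(words) * math.log2(wordlist_size)


def years_to_exhaust(bits: float, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Years needed to try the whole space at the assumed guess rate."""
    return (2 ** bits) / guesses_per_second / (365 * 24 * 3600)


def compare(password: str, phrase: str) -> dict:
    """Return both estimates side by side and flag which one is stronger."""
    pw_bits = password_entropy_bits(password)
    ph_bits = passphrase_entropy_bits(phrase)
    return {
        "password_bits": round(pw_bits, 1),
        "password_meets_rule": meets_complexity_rule(password),
        "phrase_bits": round(ph_bits, 1),
        "phrase_stronger": ph_bits > pw_bits,
        "password_years": years_to_exhaust(pw_bits),
        "phrase_years": years_to_exhaust(ph_bits),
    }


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    result = compare("P@ssw0rd", "my dog eats two apples every tuesday morning.")
    for key, value in result.items():
        print(f"{key:>20}: {value}")
```

The eight-character sample satisfies the "upper, lower, number, special" rule yet yields roughly 52 bits even under the generous per-character model, while the eight-word sentence yields over 100 bits even when the attacker is assumed to know it is made of common words; the difference is length, not character variety.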
Midigator uses Transport Layer Security (TLS). We also require the use of a browser which supports 128-bit encryption to log in to the app.
If you detect a vulnerability in Midigator or suspect your online account has been compromised, please report your concerns so we can resolve the issue as soon as possible.
Contact customer service at 1-800-960-2184 or support@midigator.com.
Compliance
Midigator is compliant with all security regulations applicable to the services we provide. We regularly seek third-party evaluations and certifications to verify our compliance.
SOC 2® Type 1 Compliance
Midigator’s Service Organization Control (SOC) 2 reports are reviewed annually by a certified third party.
These SOC 2 audits examine our company’s security controls and confirm we have exemplary systems in place to maintain data security and integrity.
Privacy & Confidentiality
All data that is shared with Midigator is considered 100% private and confidential. We sign mutual non-disclosure agreements with every client to ensure the integrity of information exchanged between us.
Privacy Shield Certification
Midigator holds certifications through the US Department of Commerce’s Privacy Shield framework. These certifications recognize that Midigator honors national and international privacy laws, including EU-US and Swiss-US data compliance.
Availability
Midigator technology offers optimal performance with high availability.
Maximum Uptime
Data is automatically replicated and stored in several different locations. This ensures your information is always available and ready for use.
Quality & Performance
Our dynamic technology is in a constant state of review to ensure the best user experience and ongoing protection against emerging threats.
Incident Response
Midigator has a formal response plan for incidents, including efforts to reduce the impact, decrease resolution timelines, and eliminate repeat occurrences.