Security and Controls

The security of our application and our clients’ patient information is a top priority for our team. Below you will find information and resources that show our continuous commitment to privacy and security.

WeInfuse is SOC 2 compliant

We are proud that WeInfuse is SOC 2 compliant. This certification demonstrates our dedication to maintaining the highest standards of data security and privacy for our clients and partners. Prospects, partners, and current clients may request our letter of attestation and/or our complete SOC 2 report from our WeInfuse Trust Page.

Aptible + WeInfuse
SOC 2, Type 2, secured by Aptible

Our platform and hosting is provided by Aptible

Aptible is more than a hosting company. It is a platform as a service (PaaS) we use to secure our processes and data. Aptible uses Amazon Web Services (AWS) to host our solution through its platform. A complete list of services provided to WeInfuse by Aptible can be found here, and the security services provided by Aptible to WeInfuse is located here.

Continuous Compliance Monitoring with DRATA

DRATA is a security and compliance automation platform that continuously monitors and collects evidence of WeInfuse’s security controls while streamlining compliance workflows end-to-end to ensure audit readiness. WeInfuse uses DRATA tools and monitoring to ensure our policies, controls, and monitoring are up-to-date with the highest security standards at all times.

Identity Security provided by Auth0

WeInfuse client user logins are protected by Auth0 (by Okta). Auth0 secures the data of our clients by adding protection against some of the most common attacks on identity systems. Auth0 offers our WeInfuse clients industry-leading MFA security as well as protection from bots, DDOS attacks, and many other malicious actors. Using Auth0, WeInfuse can provide both SSO and secure SAML connectivity for our enterprise clients who wish to extend their identity systems with WeInfuse.

Security Resources

Below is a list of security resources for prospects, partners, and clients who wish to learn more about our WeInfuse security and compliance position.

WeInfuse SOC 2 Report

Copies of our current SOC 2 reports, attestation letters, and bridge letters may be requested from our WeInfuse Trust Page. A signed NDA and approval from our team may be required to access certain confidential reports and documents.

WeInfuse Trust Page

We believe in continuous security monitoring along with providing transparency and accountability for our clients and partners. We maintain a WeInfuse Trust Page where anyone can view our current security controls, monitoring status, and also request access to our security documentation and third party reports of any current security attestations or certifications.

WeInfuse Status Page

Our current and past application status is available on our WeInfuse Status Page. This page allows our clients and partners to monitor the status of our application along with the status of any partners or integrations that are available on the page. If there is a WeInfuse service outage or disruption in our normal service level, our team will post those updates, along with any available resolution timelines in order to keep our clients updated on our progress.

Still have security questions?

Click below to reach out if you have any other questions about our WeInfuse security and/or compliance.