How we got the most out of PCI DSS v4
How Evervault combined the best of defined and customized validation to achieve PCI DSS v4
Evervault is building encryption infrastructure for developers. Our mission is to encrypt the web. Our goal is to end data breaches.
Security will always be our number one priority. While being compliant is not the same as being secure, we know that being certified to the highest compliance standards is an important way to give developers and customers assurance that they can build business-critical applications on Evervault.
Today, we’re excited to announce that Evervault has achieved compliance with HIPAA and SOC 2 Type II.
Under HIPAA, Evervault is a business associate for covered entities, including hospitals, medical services providers, research facilities, healthcare startups, and insurance companies that deal directly with ePHI.
Covered entities can use Evervault to encrypt and process electronic protected health information (ePHI), like insurance and billing information, diagnosis data, clinical care data, and lab & test results.
We fully support our customers’ efforts to maintain HIPAA. Customers looking to maintain HIPAA — like Vital — can enter into a Business Associate Agreement (BAA) with Evervault.
Contact our sales team to enter a BAA with Evervault.
Evervault’s System and Organization Controls 2 (SOC 2) Report is an independent third-party examination report that demonstrates how Evervault has established and follows strict information security policies and procedures.
The purpose of a SOC 2 Report is to provide customers — like Manna — with an independent assessment of Evervault’s information security control environment.
Evervault maintains SOC 2 Type II compliance relevant to system / customer data security, availability, and confidentiality.
SOC 2 Type II examines the continued effectiveness of our control environment throughout an annual period. We are currently in our second audit period, ending 31 December 2021.
Contact our sales team for our SOC 2 Type II report.
Developers and businesses that need to secure ePHI under HIPAA, or any other sensitive data can start encrypting now.