When clients outsource their product/project development to us, we realize that they are entrusting their revenue lifeblood to an “outsider.” We have therefore taken exceptional precautions to ensure that our services run reliably and securely.
Our network and operation infrastructure are designed to run 365 days per year. In fact, since initial operations, our firm has never lost a day of productive service. All computers are on an Uninterruptible Power Supply. We are based on a reliable power grid. Our offices have full backup diesel power generators. We maintain spare parts on-site for key servers and other components. We maintain redundant high speed Internet connections. We have architected resilience into our services from their inception.
During the execution and operation of some of the projects, we will be exposed to PHI and other sensitive data. Given the inherent sensitivities of such data, we have designed a service infrastructure that virtually erases the risk of data being compromised from physical and data security risks. All of our development staff on such projects will need to work from supervised facilities (as opposed to working unsupervised from home). Our offices are behind guarded perimeter fences and have separate 24 hour security guards at each office entrance. Access to production facilities is controlled via compartmentalized keycard control and is subject to 24 hour video surveillance. Access to service rooms requires 3-factor authentication. PCs have disabled USB ports, floppies and CD drives; print screen copying is disabled at the operating system’s Registry level. Developers have no access to printers or email – in fact, most of our operations are completely paperless. When it comes to safeguarding information, our safeguards routinely exceed the most stringent policies of our customers or of competitors.
HIPAA training is a mandate for all employees at RUBY. An Annual Security Awareness Session is deployed through our in-house training system, which delivers educational content in areas like best practices for physical and virtual safeguards. For those market sectors that are regulated (like Banking), we can also deliver customized (and statutorily-mandated) training based on our customers specific needs. Our compliance framework is rigorous, objective and well-documented.