Methodology

Approach

AlayaCare employs industry best practices for security measures. The objective is to gain information assurance in today’s open access networked environments in shared Cloud platforms.  

The industry best practice approach means the use of all available security mechanisms in the different layers of the application deployment infrastructure to minimize potential attack vectors by creating multiple layers of protection in case one mechanism fails. 

It relies on the intelligent application of techniques and technologies that exist today. The strategy recommends a balance between protection capabilities, efficiency and cost, performance and operational considerations. 

As AlayaCare uses Amazon Web Services (AWS) hosting and deploys production environments using the AWS Virtual Private Cloud (VPC) service, we heavily leverage AWS security features. 

Network Level Security Controls (Layer 4 of OSI model): 

  • Utilization of AWS VPC concept 
  • Concept of Private and Public facing networks 
  • VPC Security Groups 
  • Network Access Control Lists (ACLs) (AWS Firewall) 

Application (HTTP/HTTPS) Level Security Controls (Layer 7 of OSI Model): 

  • AWS ALB (Application Load Balancer) where applicable 
  • AWS ELB (Elastic Load Balancing) where applicable 
  • Nginx Secure reverse proxy 
  • AlayaCare Application Level Authentication control 
  • AlayaCare Application Level RBAC based Authorization control  

OS Infrastructure Level Security Controls (Layer 4/5/6/7 of OSI Model) 

  • Intrusion detection system 
  • OS Firewall / IPsec Policy / IP tables mechanisms 

Security Committee

Enterprise Risk Management (ERM) is led by AlayaCare’s Security and Privacy Committee. It also involves other relevant personnel across the organization and it is designed to identify potential events that may affect the organization, identify and manage risks to ensure continuity of service as much as the confidentiality of the information stored within the infrastructure.

The underlying premise of ERM is that every organization exists to provide value for its stakeholders. All organizations face uncertainty, and the challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value.

The framework used for this risk assessment utilizes the American National Institute of Standards and Technology (NIST) best practices.

At AlayaCare, managing information-related security risks is a continuous, complex, multifaceted undertaking that requires the involvement of the entire organization. Information risk management can be viewed as a holistic activity that is fully integrated into every aspect of the organization and translated in strict policies enforced by every member of the organization.

Speak to an Expert

See how our powerful home health care solution can help you increase your bottom line and improve client outcomes.

Request a Demo

Not Ready to Chat?

Watch Videos

View Client Stories

Who We Help