AlayaCare employs industry best practices for security measures. The objective is to gain information assurance in today’s open access networked environments in shared Cloud platforms.
The industry best practice approach means the use of all available security mechanisms in the different layers of the application deployment infrastructure to minimize potential attack vectors by creating multiple layers of protection in case one mechanism fails.
It relies on the intelligent application of techniques and technologies that exist today. The strategy recommends a balance between protection capabilities, efficiency and cost, performance and operational considerations.
As AlayaCare uses Amazon Web Services (AWS) hosting and deploys production environments using the AWS Virtual Private Cloud (VPC) service, we heavily leverage AWS security features.
Network Level Security Controls (Layer 4 of OSI model):
Application (HTTP/HTTPS) Level Security Controls (Layer 7 of OSI Model):
OS Infrastructure Level Security Controls (Layer 4/5/6/7 of OSI Model)
Enterprise Risk Management (ERM) is led by AlayaCare’s Security and Privacy Committee. It also involves other relevant personnel across the organization and it is designed to identify potential events that may affect the organization, identify and manage risks to ensure continuity of service as much as the confidentiality of the information stored within the infrastructure.
The underlying premise of ERM is that every organization exists to provide value for its stakeholders. All organizations face uncertainty, and the challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value.
The framework used for this risk assessment utilizes the American National Institute of Standards and Technology (NIST) best practices.
At AlayaCare, managing information-related security risks is a continuous, complex, multifaceted undertaking that requires the involvement of the entire organization. Information risk management can be viewed as a holistic activity that is fully integrated into every aspect of the organization and translated in strict policies enforced by every member of the organization.