Dutchie
- Websitehttps://dutchie.com
- Trust Centerhttps://trust.dutchie.com
- Compliance
- CCPA
In order to comply with the CCPA, Dutchie uses a privacy portal which allows users to request erasure, a download of their data, and to manage their consent settings for dutchie.com. For addition information on privacy, please refer to Dutchie's Privacy Policy or contact Dutchie at [email protected]
If you would like to exercise any of these rights, you may do so at privacy.dutchie.com or by emailing us at [email protected] After we receive your request, we may request additional information from you to verify your identity. Your authorized agent may submit requests in the same manner, although we may require the agent to present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us and confirm that you have provided the agent permission to submit the request.
- HIPAA
Dutchie is considered a Business Associate and is compliant with all applicable rules and regulations of the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
Dutchie will enter into Business Associate Agreements (i.e. BAAs) with its customers and clients that wish to untilize Dutchie to access, process, transfer and/or store its ePHI (Protected Health Information that is produced, saved, transferred or received in electronic form).
Dutchie has deployed and implemented applicable security policies and procedures to ensure this is done.
2 more topics
- Data Security
- Data Encrypted At-Rest
All information other than Public is encrypted at-rest as a basic rule. Requests for exceptions are reviewed and approved by the Privacy and Security. In addition, where appropriate, Dutchie utilizes column-level database encryption on all Restricted data (e.g. PII, ePHI, etc.).
Dutchie does not utilize any encryption that is not FIPS 140-2 compliant (U.S.A. only). If an exception is needed, the CISO will conduct a risk assessment and make the appropriate recommendation.
- Data Encrypted In-Transit
All data transmissions over external or untrusted networks are encrypted. All remote connectivity and non-console administrative sessions are protected via strong encryption.
Dutchie does not utilize any encryption that is not FIPS 140-2 compliant (U.S.A. only). If an exception is needed, the CISO will conduct a risk assessment and make the appropriate recommendation.
1 more topic
- Privacy
- Data Retention Policy
Dutchie's data retention practices are compliant with its Data Classification and Ownership Policy as well as the Data Governance Standard which are driven by the regulatory requirements, executed Business Associate Agreements (BAAs), and other contractual obligations with customers and/or clients.
1 more topic
- Incident Management & Response
- Data Breach Notification
Dutchie has a duty to safeguard electronic Protected Health Information (ePHI) and to prevent the compromise of our customer's data. The Breach Notification Response Plan (Plan) has been established and implememted to provide oversight and guidance for the required processes for privacy and security breach response in compliance with federal and state privacy laws.
- Incident Response Plan (IRP)
Incident response and business continuity plans are tested annually with other business units to ensure that incident handling teams understand their responsibilities and that processes remain effective.
- Availability & Reliability
- Data Redundancy
- Denial of Service (DoS) Protection
Dutchie takes measures to protect its products against Denial of Service (DoS) attacks.
3 more topics
- Organizational Security
- Employee Background Checks
Background verification checks on all candidates for employment must are carried out per relevant laws, regulations, and ethics and are proportional to the business requirements, the classification of the information to be accessed, and the perceived risks.
Background verification considers relevant privacy statutes, protection of personally identifiable information (PII), and employment-based legislation.
- Employee Security Training
All new employees attend an approved security awareness training class before, or at least within thirty (30) days of, being granted access to any Dutchie’s information resources. Employee contractors and relevant third parties receive security training appropriate for specific job roles and responsibilities.
Periodic security reminders, montly security updates as well as annual security and awareness training is completed in acordance with relevant regulatory and/or contractual compliance requirements. The Data Protection Officer maintains and retains documentation of security awareness training (inlcuding HIPAA security training) attendance records. and employee acknowledgments.
3 more topics
- Business Continuity
- Data Backups
- Infrastructure
- Multi-Tenant Architecture
Dutchie products are designed with multi-tenant architecture in mind.
1 more topic
- Threat Management
- Penetration Testing
Third-party penetration testing for the in-scope systems (internal and internet-facing) is preformed annually. Dutchie's pen test report is available for its existing, new and prospective customers by requesting it here upon execution of the Non-Disclosure Agreement.
- Vulnerability Scanning
Dutchie has developed and implemented a vulnerability management program by which vulnerabilities identified through scanning are tracked, evaluated, prioritized, and managed until these vulnerabilities are remediated or otherwise appropriately resolved.
Dutchie's code, containers, software dependencies, and infrastructure are continuously scanned for vulnerabilities, misconfigurations, and security weaknesses.
Sign up to see the rest of Dutchie's posture and unlock unlimited access.
Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.