Security Program Highlights

SOC-2 Type 2

Thirdwave Rx encrypts all data in our custody. We use tools like Azure Key Vault to manage encryption keys for maximum security in line with industry best practices.

HIPAA

Thirdwave Rx is a certified HIPAA-compliant company. All exchanges and data are securely protected and stored in accordance with HIPAA regulations. We use Vanta to integrate with our application and platforms to demonstrate our compliance.

Data Security

Thirdwave Rx encrypts all data in our custody. We use tools like Azure Key Vault to manage encryption keys for maximum security in line with industry best practices.

Application Security

Thirdwave Rx regularly engages some of the industry’s best application security experts for third-party penetration testing. Our penetration testers evaluate the source code, running application, and the deployed environment.

We also use high-quality static analysis tooling such as SonarQube, Snyk, Mend, and OWASP ZAP to secure our product at every step of the development process.

Infrastructure Security

Thirdwave Rx uses Microsoft Azure to host our application. We make full use of the security products embedded within the Microsoft Azure ecosystem, including, but not limited to, Security Center, DDoS Protection, and Front Door.

In addition, we deploy our application using containers run on Microsoft Azure managed services, meaning we typically do not manage any virtual machine instances in production.

Trust Center

We take security and privacy seriously. Our partnership with Vanta allows us to uphold the highest compliance standards and maintain a transparent security posture. Visit our Vanta Trust Center to view our certifications, understand our practices, and see how we continuously protect your data.