BAS is committed to protecting its clients’ data security. The practices used by BAS are founded on HIPAA Privacy and Security requirements and the National Institute of Standards and Technology (NIST) guidance. In addition to annual HIPAA training and ongoing monitoring, BAS employs both required and best-practice security technologies to support encryption, file change management, server log analysis, virus protection, and data loss prevention.
Encryption – Servers and Laptops: Data at Rest
BAS encrypts all Windows laptop hard drives with Symantec PGP encryption or Microsoft BitLocker. For BAS’ Mac users, Apple’s iOS FileVault encryption is utilized. All data at rest is encrypted.
System Access Control: Access control measures are in place to authenticate users with stringent user ID and password controls and to segregate access to accounts and data via client-directed roles and assignments.
The BAS Network is protected by network devices. External vulnerability scans and penetration tests are run on a frequent schedule, with remediation windows.
BAS uses a firewall add-on module that incorporates an Intrusion Prevention System (IPS) solution to protect against software/hardware vulnerabilities, exploits, or attacks.
BAS continually uses best practices to maintain the security of all data in its systems.