Security and Privacy
at Surgical Data Science Collective

Security is at the heart of what we do — helping our customers improve their security and compliance posture starts with our own.

Information Security

SDSC encrypts and protects sensitive information across the transformation and analysis process.

I. Data in Transit

TLS 1.3 encryption for all data exchanged. Server TLS keys and certificates are managed by AWS and deployed via Application Load Balancers. Additional security is available for dedicated VPN connections between the customer and SDSC.

II. Data at Rest

AES 256-bit encryption.

III. Network Security

Intrusion detection systems and alerts monitor for threats in real time. We employ VPCs to keep different parts of our cloud isolated, and have strict access policies, audited access, and VPNs.

Access Management & Authentication

SDSC’s platform provides full control of access to all hosted information.

Account Authentication

Username/password and passwordless authentication for access to our platform.

Granular Access Control and Review

Role-based access, visibility, and user access rights. Regular access review and analysis.

Password Policies

Required strength factors (following NIST guidelines), salted and hashed password storage, and password resets.

Audit and Access Logging

Detailed tracking and audit logging of all activities related to the application environment and administrative activity.

Software Development Practices

Security processes have been fully integrated into the SDSC software development processes. In addition, processes are set up to allow for separation of duties and segmentation of platforms into development, staging, and production.

Granular role-based security controls design

Separation between development, staging, and prod

Use of test data in development environment

Code peer review

Penetration testing

Code repository controls

Deployment controls

Infrastructure Security

SDSC leverages Amazon Web Services (AWS). We utilize hardening practices from the Center for Internet Security (CIS) benchmarks for the platform configuration.

SDSC can make available all standards, AWS certifications, and accreditations along with physical security controls.

Company Policies and Procedures

SDSC security, risk, and compliance processes were developed based on industry best practices and are reviewed and updated on an annual basis or upon any significant change.

Security Policies and Training

All employees go through required training upon hire and must recertify on an annual basis. Policies include:

Access Control
Business Continuity
Disaster Recovery
Cryptographic Controls
Data Management
Human Resources Security
Information Security
Operations Security
Physical Security
Risk Management

Platform Security

Ongoing security activities, including:

Access Control
Business Continuity
Disaster Recovery
Cryptographic Controls
Data Management
Human Resources Security
Information Security
Operations Security
Physical Security
Risk Management

Incident Response Planning & Team

An incident response plan and team are in place to triage and respond to any significant security event, in order to establish system resiliency, minimize impact, and protect customer data.

Regular Third-Party Security Review

A regular review that identifies and evaluates the security risks of vendors and third parties.
