Security & Compliance

• Operational Security

  Our team focuses on implementing best practice solutions, the result is a truly secure environment that maintains an audit trail of all events occurring throughout the system. We track and collect IP addresses, user profile information, application and service statistics with transactional data. All data systems are secured with multiple layers of encryption and significant data tamper prevention mechanisms.

• Ephemeral Cryptography

  Personal information that is stored on the govWorks platform is available for use only during application processing. When customers place orders, we encrypt all the data and it is only available to us while processing orders. It is then encrypted again and we lose access. Customers set security questions so that they have continued access. This ensures that if we’re breached, no personal info gets out.

• Security Process

  Security process is a key element of infrastructure optimization and must be part of the design criteria for all technologies. At govWorks our compliance team strictly adheres to all major privacy standards as part our commitment to provide the best product to our clients. Our security management process is based on the ISO 27001 standard, combined with the policies and procedures recommended by NIST.

• Physical Security

  Our state-of-the-art security measures use industry-leading physical security protocols that are compliant with a comprehensive portfolio of standards and regulations. All of govWorks production data is stored within Amazon Web Services (AWS). We chose AWS primarily because of their ongoing commitment to provide the best cloud hosting solution. All AWS data centers are compliant to the highest possible security standards.

• Systems Development Lifecycle

  Our Agile Systems Development Lifecycle (SDLC) ensures that all potential code releases are subject to security review, performance assessment, and a risk analysis before being scheduled for deployment. We clearly define work phases to produce high-quality systems that exceed customer expectations. All deployments are scheduled to minimize the impact to our clients and must be approved by the change management board.

• Service Level Agreement (SLA)

  Our commitment to quality and availability are the founding cornerstones of how we conduct business and provide service. Our goal at govWorks is to achieve 99.999% uptime every year. We have customer support agents available 24 hours a day, seven days a week to assist with all issues, and we have an on-call rotation of engineers, along with detailed monitoring to ensure that our service is always available.

Compliance

We comply with ISO/IEC 27001 and ISO 27018, which is the only auditable international standard, and defines the requirements for an Information Security Management System (ISMS). The standard is designed to select adequate and proportionate security controls.

Safe Harbor is the US Department of Commerce framework for meeting the European Union's Data Protection requirements. Our hosting facilities comply with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Dept of Commerce regarding the collection, use, and retention of personal information from EU member countries and Switzerland.

govWorks has the experience, tools, and technology to assist you in keeping your business HIPAA compliant if your needs require it. The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.