Security & Compliance

Here at govWorks we understand the need to properly secure customer data.
Our family of brands all utilize government standards for information security and encryption to ensure the highest level of security for your private information. Every govWorks site and service is secured using 256-bit TLS encryption and hosted on government-tier server infrastructure, which is routinely audited to verify the integrity of our system. Rest assured, protecting your privacy is our top priority.
Privacy
Your personal information stored on the govWorks platform is available for use only during application processing. All data and documents uploaded to govWorks are kept private and can be viewed, edited, or signed by users or others as you direct. Protecting your privacy is our top priority. We will never share your personal information with non-applicable third parties.
Encryption
At minimum, personal information is encrypted at rest using 256-bit Advanced Encryption Standard (AES). This is the same level of encryption used by banks. In an industry first, setting security questions on your account encrypts data using our ephemeral protocol, ensuring information is only accessible by you during your order according to our Information Lifecycle Management (ILM).
Architecture
We have architected a fully N-modular redundant system designed to scale to any number of users and handle any significant outage. With no masters or single point of failure, our distributed system is built upon modern clustering technologies to ensure high availability. The govWorks engineering team has taken every measure to ensure the network and server infrastructure remains resilient and secure.
Operational Security
Our team focuses on implementing best-practice solutions; the result is a truly secure environment that maintains an audit trail of all events occurring throughout the system. We track and collect IP addresses, user profile information, and application and service statistics with transactional data. All data systems are secured with multiple layers of encryption and significant data tamper prevention mechanisms.
Ephemeral Cryptography
Personal information that is stored on the govWorks platform is available for use only during application processing. When customers place orders, we encrypt all the data and it is only available to us while processing orders. It is then encrypted again and we lose access. Customers set security questions so that they have continued access. This ensures that if we’re breached, no personal info gets out.
Security Process
Security process is a key element of infrastructure optimization and must be part of the design criteria for all technologies. At govWorks our compliance team strictly adheres to all major privacy standards as part of our commitment to provide the best product to our clients. Our security management process is based on the ISO 27001 standard, combined with the policies and procedures recommended by NIST.
Physical Security
Our state-of-the-art security measures use industry-leading physical security protocols that are compliant with a comprehensive portfolio of standards and regulations. All of govWorks' production data is stored within Amazon Web Services (AWS). We chose AWS primarily because of their ongoing commitment to provide the best cloud hosting solution. All AWS data centers are compliant with the highest possible security standards.
Systems Development Lifecycle
Our Agile Systems Development Lifecycle (SDLC) ensures that all potential code releases are subject to security review, performance assessment, and a risk analysis before being scheduled for deployment. We clearly define work phases to produce high-quality systems that exceed customer expectations. All deployments are scheduled to minimize the impact to our clients and must be approved by the change management board.
Service Level Agreement (SLA)
Our commitment to quality and availability is the founding cornerstone of how we conduct business and provide service. Our goal at govWorks is to achieve 99.999% uptime every year. We have customer support agents available 24 hours a day, seven days a week to assist with all issues, and we have an on-call rotation of engineers, along with detailed monitoring to ensure that our service is always available.
Compliance

We comply with ISO/IEC 27001 and ISO 27018, which is the only auditable international standard and defines the requirements for an Information Security Management System (ISMS). The standard is designed to select adequate and proportionate security controls.

Safe Harbor is the US Department of Commerce framework for meeting the European Union's Data Protection requirements. Our hosting facilities comply with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Dept of Commerce regarding the collection, use, and retention of personal information from EU member countries and Switzerland.

govWorks has the experience, tools, and technology to assist you in keeping your business HIPAA compliant if your needs require it. The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.