Data Security & Compliance
SOC 2 TYPE 1
SOC 2 Type 1 Report covering Security, Availability & Privacy.
SOC 2 TYPE 2 + HITRUST
SOC 2 Type 2 Report that includes controls relevant to HITRUST
SOC 2 TYPE 2
SOC 2 Type 2 Report covering Security, Availability & Privacy.
ISO 9001:2015
Globally recognized security standards for implementing an ISMS.
CCPA
California Data Protection Standards.
GDPR
EU Data Protection Standards.
ISO 27001:2022
Globally recognized security standards for implementing an ISMS.
HIPAA
Globally recognized security standards for Healthcare Protected Information.
Data Security Infrastructure at Equa
1. Equa operates on servers which meet the threshold laid down in relevant international standards. These include ISO 27001, ISO 9001, ISO 27017, ISO 27018, C5, Cyber Essentials Plus, DoD SRG, FedRAMP, FIPS, PCI DSS Level 1, SEC Rule 17-a-4(f), SOC1, SOC2 and SOC3.
2. Entry and access to infrastructure are securely managed via VPN. Entry to important third party software providers/technology interface used by Virtual Dispute Resolution Centre including third parties is limited to VP-level employees only and is secured by 3 factor authentication.
3. Safeguarding data is one of the most critical challenges plaguing server administrators. Equa follows strict procedural guidelines which enable us to make our system more stable, fix issues such as setting up a firewall, creating and managing transport layer security SSL certificates, providing secure SFTP user access, and blocking malicious probes, among others.
4. Data is stored and aggregated on Amazon Web Services by default in the Mumbai Region and is constantly backed up. Registered workers, employees and agents must pass three factor authentication at least thrice before accessing data centre floors.
Document Security Compliances
All smart drafts/ documents created via smart drafts are version managed by default Amazon Web Services thereby, creating a permanent trail not only at the database level server but also at the storage level, ensuring the utmost security and anti-hack measures. All link information (including passwords) will be secured through end to end encryption when stored on our servers.
Equa’s audit trail includes within its sphere a permanent record of transactions embedded in the Blockchain Algorithm provided by our software providers/technology interface, including IP addresses and user information.
Documents are time-stamped and instantly backed up by Amazon Web Service providers. Customer and behaviour data and audit trail are automatically backed up every 3 hours and stored in our . Managed MongoDB instances are secured by three factor authentication and can be encrypted on request.
The aforementioned transactions are encrypted in 256/360 bit SSL and backed up by ECSDA algorithim.
Monitoring & Audit
Equa has continuous monitoring of services and infrastructure access in place 24/7, 365 days a year.
Any notifications or alerts generated by our monitoring system will be promptly sent to senior management promptly and acted upon.
Frequent third party audits are performed at Equa to ensure that we use the state-of-the-art technology and best practises to protect data.
All Equa’s employees, agents, software providers/technology partners/technology interface have gained relevant eductation, training, expertise and hence qualified in data protection. The aforementioned people are bound and protected by strict confidentiality provisions.
Safety monitoring is a crucial part of our quality control, and we ensure the same when launching updates or new features.
Grievances regarding Data Violations
The grievance relating to the Data Violations can be directly addressed to the Data Compliance Officer. The Equa Team shall take immediate action upon such information.
The Data Compliance Officer,
grievance@equa.law
www.equa.law