Skip to main content
EKB is dedicated to upholding stringent security standards and regulatory compliance, ensuring that your data is protected and managed according to industry benchmarks. Certifications we maintain
  • HIPAA — Protection of sensitive patient health information for healthcare organizations.
  • AICPA SOC 2 Type II — Trust service principles (security, availability, processing integrity, confidentiality, privacy) verified by independent audit.
  • ISO 27001 — Internationally recognized information security management system.
  • GDPR — European data protection and privacy rights for individuals.
  • CCPA — California consumer privacy rights and transparent data practices.
Details for each certification are outlined below.

Compliance Certifications

EKB has achieved multiple compliance certifications that reflect our commitment to high standards of security and data protection. Each certification serves as a testament to our adherence to specific regulations and best practices that govern how we handle sensitive information.

HIPAA Compliance

EKB is HIPAA compliant, which ensures the protection of sensitive patient health information. This compliance involves:
  • Protected Health Information (PHI) Protection: Secure handling of healthcare data.
  • Administrative Safeguards: Policies and procedures for PHI protection.
  • Physical Safeguards: Security measures for data centers and systems.
  • Technical Safeguards: Encryption, access controls, and audit logs.
By being HIPAA compliant, we provide assurance to healthcare organizations that their sensitive data is protected according to established regulations.

AICPA SOC 2 Compliance

The AICPA SOC 2 certification demonstrates our adherence to trust service principles defined by the American Institute of Certified Public Accountants. This includes:
  • Security: Protection against unauthorized access.
  • Availability: Ensuring system performance and uptime.
  • Processing Integrity: Accurate and complete processing of data.
  • Confidentiality: Safeguarding confidential information.
  • Privacy: Responsible handling of personal information.
EKB undergoes regular audits by independent third parties, providing enterprise customers with confidence in our security practices.

ISO 27001 Certification

The ISO 27001 certification reflects our robust information security management system. This certification involves:
  • Risk Management: A systematic approach to managing information security risks.
  • Security Controls: Implementation of comprehensive security measures.
  • Continuous Improvement: Regular reviews and enhancements of security practices.
This certification demonstrates our commitment to maintaining a secure environment through ongoing improvement.

GDPR and CCPA Compliance

EKB complies with both the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), ensuring the protection of personal data and consumer privacy. Key aspects include:
  • GDPR:
    • Rights of data subjects to access, rectify, and delete personal data.
    • Transparency in data processing activities.
    • Built-in data protection measures.
  • CCPA:
    • Consumer rights to know, delete, and opt-out of the sale of personal information.
    • Clear disclosure of data collection and usage practices.
    • Strong privacy protections for California residents.
These compliance efforts reinforce our dedication to protecting individual privacy rights and ensuring transparent data practices.

Third-Party Security Tools

EKB uses third-party security tools to strengthen our security posture, with continuous monitoring, threat detection, and incident response.

BlackDuck

  • Open Source Security Scanning — Comprehensive security scanning of software components
  • Vulnerability Management — Identification and management of security vulnerabilities
  • License Compliance — Open source license compliance

Security Standards & Practices

To ensure robust security measures are in place, EKB follows multiple security frameworks. These frameworks guide our security practices and help us remain vigilant against potential threats. Notable frameworks include:
  • NIST Cybersecurity Framework: A comprehensive approach to managing cybersecurity risks, providing guidelines for organizations to improve their security posture.
  • OWASP Top 10: A list of the most critical security risks to web applications, offering guidelines for protecting against these common vulnerabilities.
  • CIS Controls: A set of best practices for securing IT systems, designed to help organizations prioritize their cybersecurity efforts.
  • ISO 27001: Internationally recognized standards for information security management systems, outlining requirements for establishing, implementing, maintaining, and continually improving information security.

Compliance Management

EKB maintains continuous compliance through a structured approach that includes regular audits, compliance monitoring, and risk assessments. These practices ensure that we consistently meet regulatory requirements and identify areas for improvement. Continuous compliance is fundamental to our security strategy, enabling us to respond promptly to any compliance issues that may arise. We provide various compliance reports, including AICPA SOC 2 Type II reports and ISO 27001 certification documents. These reports are available to enterprise customers upon request, demonstrating our commitment to transparency and accountability. If you require specific compliance documentation, our support team is available to assist you.

Industry-Specific Compliance

Understanding the unique compliance requirements of different industries is essential for EKB. In the healthcare sector, we ensure full compliance with HIPAA and the HITECH Act, which govern the protection of healthcare data. We also adhere to state-specific healthcare regulations to ensure that we meet all relevant legal obligations. For California residents, our compliance with the CCPA reinforces our commitment to consumer privacy. This includes supporting consumer rights related to personal information and ensuring transparency in our data practices. By addressing the specific needs of various industries, we can effectively protect sensitive data and foster trust with our clients.

Data Residency & Sovereignty

EKB offers flexible options for data residency and sovereignty to meet regulatory requirements. We provide various data residency options, including regional deployments that comply with local laws. This ensures that data is stored and processed in accordance with applicable regulations, particularly for international clients who must navigate different data protection laws. Our compliance with GDPR and other regional regulations further emphasizes our commitment to data protection. We have established secure mechanisms for cross-border data transfers, ensuring that data remains protected regardless of its location.

Compliance Documentation

To ensure transparency and accountability, EKB provides various compliance documentation, including security policies, compliance certificates, audit reports, and data processing agreements. If you require specific documentation, our Support team is available to assist you with your requests.

Contact

For questions about security and compliance or to request compliance documentation, please contact Support.