If you're conducting a vendor risk assessment, procurement review, or ongoing due diligence, you might have questions about how Assembled handles security and compliance. This article can help you understand our certifications, get access to our Trust Center, and locate the documentation you need.
In this article:
- Is Assembled SOC 2 compliant?
- Is Assembled HIPAA compliant?
- Is Assembled GDPR compliant?
- How do I request specific compliance or security documentation?
- How do I access the Trust Center?
Is Assembled SOC 2 compliant?
Yes, Assembled is SOC 2 Type II compliant. This means we are thoroughly audited by an independent third party to ensure our systems meet the Trust Services Criteria (or TSCs).
This audit includes our robust approach to security management, risk assessment, and third-party risk controls. We're committed to maintaining these standards to ensure the security and confidentiality of our customers' data. Read more about our security practices.
Is Assembled HIPAA compliant?
Yes, Assembled is HIPAA compliant. This means we follow the necessary protocols to protect sensitive personal health information and ensure that any healthcare-related data is handled with care and confidentiality. The privacy and security of our customers (and their customers) are our first priority.
We have Business Associate Agreements (also called BAAs) in place with every entity that could potentially transfer personal health information to Assembled, and we strictly follow these agreements.
If you represent a healthcare organization and you need to establish a Business Associate Agreement (BAA) for HIPAA compliance, please contact us by email at support@assembled.com.
Is Assembled GDPR compliant?
Yes, we adhere to the European Union's General Data Protection Regulation (or GDPR), which gives people more control over their personal data.
We’ve also successfully re-certified under the EU-U.S. Data Privacy Framework. This means we can legally transfer and process personal data from the EU in a way that is recognized as compliant with GDPR.
For assistance with data subject requests and help with managing your own data, please use our privacy guide.
If you have specific questions about GDPR requirements like data anonymization or retention policies, contact us.
How do I request specific compliance or security documentation?
The fastest way to find our compliance documentation is through our Trust Center.
This self-service portal contains our security documentation, including controls and policies that help us protect customer data. You'll be able to find SOC 2 reports, penetration testing reports, incident response plans, and more.
You can locate all of our documentation and policies under the Resources tab. Each document is available for download and can also be shared with a direct link if needed.
How do I access the Trust Center?
If you don't already have access to the Trust Center, we'll need to grant access manually. We're usually able to grant access within a few days.
To request access:
- Visit trust.assembled.com.
- Fill out the request form. Please be sure to use your full name and your work email address.
- We'll review your request as soon as possible. When access is granted, you'll get an email that will help you sign in.
If you need help with the Trust Center or have questions about specific documents, contact us.