Our Security Commitment
Administr LLC. ("Administr," "we," "us," "our") is committed to maintaining the security, confidentiality, and integrity of the data entrusted to us by our customers. This Security Policy outlines the technical and organizational measures we implement to protect your information.
Infrastructure Security
Our platform is hosted on enterprise-grade cloud infrastructure with the following protections:
- Data Centers: We utilize SOC 2 Type II certified data centers with physical security controls including biometric access, 24/7 surveillance, and security personnel.
- Network Security: Multi-layered network protection including firewalls, intrusion detection/prevention systems (IDS/IPS), and DDoS mitigation.
- Redundancy: Geographic redundancy and automated failover to ensure high availability and disaster recovery.
- Backups: Automated, encrypted daily backups kept in secure off-site storage under defined retention policies.
Data Protection
We implement comprehensive data protection measures:
- Encryption in Transit: All data transmitted to and from our platform is encrypted using TLS 1.2 or higher.
- Encryption at Rest: All stored data is encrypted using AES-256.
- Key Management: Encryption keys are managed using industry-standard key management practices with regular rotation.
- Data Isolation: Customer data is logically separated to prevent unauthorized access between tenants.
- Data Minimization: We collect and retain only the data necessary to provide our services.
Access Control
We enforce strict access controls to protect your data:
- Role-Based Access: Access to systems and data is granted based on the principle of least privilege.
- Multi-Factor Authentication: MFA is required for all administrative access to our systems.
- Single Sign-On: Enterprise SSO integration available for customer authentication.
- Session Management: Automatic session timeout and secure session handling.
- Access Logging: All access to systems and data is logged and monitored.
Application Security
Our development practices prioritize security:
- Secure Development: We follow secure coding practices and conduct code reviews for all changes.
- Vulnerability Testing: Regular automated and manual security testing, including penetration testing by third parties.
- Dependency Management: Continuous monitoring and patching of third-party dependencies.
- Security Training: All developers receive regular security awareness and secure coding training.
Monitoring and Incident Response
We maintain robust monitoring and incident response capabilities:
- 24/7 Monitoring: Continuous monitoring of systems for security events and anomalies.
- SIEM: Security Information and Event Management for centralized log analysis and alerting.
- Incident Response Plan: Documented incident response procedures with defined roles and responsibilities.
- Breach Notification: Prompt notification to affected customers in accordance with applicable laws and our DPA.
Compliance and Certifications
We maintain compliance with industry standards and regulations:
- SOC 2 Type II: Annual third-party audit of our security controls.
- HIPAA: Compliance with healthcare data protection requirements; BAAs available.
- GDPR: Compliance with EU data protection regulations.
- CCPA: Compliance with California Consumer Privacy Act requirements.
Employee Security
Our team follows strict security practices:
- Background Checks: All employees undergo background screening prior to employment.
- Security Training: Mandatory security awareness training upon hire and annually thereafter.
- Confidentiality: All employees sign confidentiality and non-disclosure agreements.
- Workstation Security: Endpoint protection, encryption, and mobile device management.
Vendor Security
We carefully evaluate and monitor our vendors and sub-processors. All vendors with access to customer data must meet our security requirements and are bound by appropriate contractual obligations. We maintain a list of sub-processors and notify customers of changes as described in our Data Processing Agreement.
Business Continuity
We maintain business continuity and disaster recovery plans that are tested regularly. Our infrastructure is designed for high availability with automated failover capabilities. Recovery time and recovery point objectives are defined and regularly validated.
Reporting Security Concerns
If you discover a security vulnerability or have security concerns, please contact us immediately:
Security Team
Email: security@administr.com
We take all security reports seriously and will respond promptly to investigate and address any concerns.
Last Updated: February 2025