Security
At Founda Health, security isn't just a requirement; it's a cornerstone of our organization. We integrate comprehensive security measures into every facet of our operations to ensure the highest protection for user data and system integrity.
Our systems undergo continuous penetration testing, conducted by third-party cybersecurity experts. This proactive approach helps us identify and mitigate potential vulnerabilities, fortifying our defenses against unauthorized access and data breaches.
We adhere to industry best practices for security, including multi-factor authentication, data encryption, and secure data transmission protocols. Our team stays on top of the latest advancements in security technologies to continually enhance our safeguards.
We employ a robust suite of monitoring tools and conduct regular security audits to ensure that our security controls remain effective and up to date. In addition to traditional monitoring methods, we utilize advanced anomaly detection algorithms, backed by machine learning and artificial intelligence. This allows us to proactively identify unusual patterns and potential threats, adding an extra layer of sophistication to our security measures. This continuous oversight enables us to maintain a secure and reliable platform for our users.
Founda implements strong cryptographic controls to protect sensitive information, including Personally Identifiable Information (PII). We use industry-standard encryption methods such as AES-256 for encryption at rest and enforce TLS 1.2+ or mTLS for data in transit to ensure end-to-end protection. While customers cannot choose their own encryption methods, all communication between systems is encrypted by default. Additionally, where applicable, we apply further security measures such as hashing or tokenization to enhance data protection. Our security practices align with industry standards and regulatory requirements to ensure confidentiality and integrity across our platform.
In the event of a security incident, we have a well-defined and regularly updated incident response plan in place. This plan is actively practiced as part of our business continuity exercises, enabling us to react swiftly and efficiently, minimizing impact and ensuring continuity of service.
All staff members undergo regular security training to stay informed of the latest threats and preventive measures. We foster a culture of security awareness throughout our organization.