Secure Architecture
Cogito follows a defense-in-depth methodology, building multiple layers of security into the application and infrastructure. We employ several controls including, but not limited to, strong access control based on the principle of least privilege; encryption in transit and at rest; IP filtering; vulnerability management; and system hardening.
Application Security
Cogito builds security into multiple stages of the development process, developing and testing against security threats to protect customer data. We use static (SAST) and dynamic (DAST) code scanning tools to proactively find and remediate vulnerabilities, and we follow the Open Web Application Security Project (OWASP) guidelines. In addition, Cogito engages third-party security experts to perform extensive penetration tests on our application.
Security Program
Cogito maintains an Information Security Management System designed to continually assess and manage risk. We implement administrative, technical, and physical safeguards to ensure the confidentiality, availability, and integrity of our customers' data.
Training & Awareness
Cogito has a comprehensive privacy and security training program for all employees and contractors who may come into contact with customer data, aligned with best practices and multiple industry requirements such as HIPAA. Upon hire, all employees must pass the training and sign and acknowledge a number of policies, including our Code of Ethics and Acceptable Use policies, prior to being granted.
Compliance
Cogito implements the necessary administrative, technical, and physical controls not only to protect your data based on risk, but also to comply with relevant industry-specific requirements. We have undergone certification for SOC 2, PCI-DSS, and HITRUST by a qualified third-party auditing firm, and we include all of our application infrastructure and components in the scope of our compliance activities.
Data Privacy
Cogito's clients can rely on Cogito to assist them in maintaining compliance with data protection laws and regulations, including GDPR and CCPA, as Cogito has implemented the legislatively required procedures in response to these directives. Our in-house legal team is dedicated to enabling compliance with data privacy regulations, and we have retained a dedicated Data Privacy Officer to assist with data privacy-related initiatives. We have created data maps and a comprehensive record of processing activities, and have established procedures for assisting our clients in responding to data subject access rights and requests. We periodically conduct data privacy impact assessments, and have Data Protection Agreements (DPAs) in place with all vendors who handle personal data. We also ensure the safe cross-border transfer of EU citizen data from the EU and Switzerland to the U.S. by actively maintaining certification with the EU and Swiss Privacy Shield Frameworks.