Butterfly Network is HIPAA and HITECH compliant with SOC II certification. SOC II certification is renewed annually.
Butterfly Network undergoes annual penetration testing conducted by a 3rd party security firm. If your organization requires more info please contact Butterfly Support.
Patching & Vulnerability Scanning
Butterfly Network has implemented a patch management process and automated vulnerability scanning, both of these administrative controls are part of the SOC II certification.
Butterfly Cloud is protected at the host level with both intrusion detection monitoring and incident response. Any critical-level vulnerabilities are scheduled for remediation within 24 hours.
Audited as part of SOC II certification, Butterfly Network has established formal data breach policies and procedures in place.
Butterfly conducts comprehensive background checks as a component of the hiring process. Subcontractors have the same requirements as employees with respect to on-boarding background check, privacy and security awareness training, and signing of NDA.
Employees who work with sensitive customer data or Protected Health Information (PHI) are required to take specialized HIPAA training. HIPAA training is mandatory at the time of hire and reviewed annually.
All new hires are required to take on-boarding training which covers security, confidentiality, ethics and our Quality Management System (QMS) and sets the tone for our collective responsibility for security.