We built Ripple with the safety and security of your data in mind. From the start, Ripple was developed using a HIPAA-compliant architecture. Thus, all of our plans comply with the current best practices in data privacy and security. Our security features include:
Infrastructure and Data
- HITECH certified data centers
- Separate database and application servers
- Double sever redundancy (3-replica sets)
- Dedicated, non-shared servers
- Logical segmentation of customer data
- Dedicated firewall and intrusion scanning
Encryption
- SSL 2048-bit data encryption during transit
- Disk Level database encryption (i.e., encryption at rest)
Audit Controls
- Fully readable audit logs for account admins
- Tracking of all View, Edit, Delete, Modify events
- Event level tracking for all users
- Custom selection of auditable events
- Logging of all failed login attempts
Access and Authentication
- Access control via username and passwords
- Single sign-on capable
- Automatic user logoff (custom time)
- Strong password requirement SC 03.02
- Case sensitive usernames (ISO-646/ECMA-6 )
- Password expiration (custom time)
- No password reuse for 12 month
- Account lock upon a custom number of failed login attempts
- Access groups with custom access roles
- Limited feedback after failed attempt
- No access of customer data by Ripple’s staff except when mandated by law or when explicitly requested and authorized by customer for data recovery or technical support purposes.