Ripple's plans have security features that meet or exceed HIPAA guidelines. We sign Business Associate Agreements with any of our customers who are subject to HIPAA.
Our current security features include:
Infrastructure and Data
- HITECH certified data centers
- Separate database and application servers
- Double server redundancy (3-replica sets)
- Dedicated, non-shared servers
- Logical segmentation of customer data
- Dedicated firewall and intrusion scanning
Encryption
- SSL 2048-bit data encryption during transit
- Disk-level database encryption (i.e., encryption at rest)
Audit Controls
- Fully readable audit logs for account admins
- Tracking of all View, Edit, Delete, Modify events
- Event level tracking for all users
- Custom selection of auditable events
- Logging of all failed login attempts
Access and Authentication
- Access control via username and password
- Automatic user logoff (custom time)
- Strong password requirement SC 03.02
- Case-sensitive usernames (ISO-646/ECMA-6)
- Password expiration (custom time)
- No password reuse for 12 months
- Account lock upon a custom number of failed login attempts
- Access groups with custom access roles
- SSO (optional)
- Limited feedback after failed attempt
- No access to customer data by Ripple’s staff except when mandated by law or when explicitly requested and authorized by the customer for data recovery or technical support purposes.