Trust Center

Start your security review
View & download sensitive information
Ask for information
ControlK

Overview

Services

CirrusMD provides a telemedicine platform that connects patients with healthcare providers in real-time, through web and mobile applications. Their service allows seamless interaction between patients and doctors, enabling users to consult on medical issues, receive guidance, and manage healthcare concerns without the need for in-person visits. This platform facilitates on-demand, text-based communication, ensuring accessible healthcare for employees and patients of CirrusMD's partners, such as employers, health insurers, and healthcare systems. These services also extend to healthcare professionals who use the system for tracking and managing patient care​​.

Security Program

CirrusMD protects its stakeholders and company assets through a comprehensive security program of policies, standards, and controls. Our HIPAA-compliant platform utilizes physical, technical, and administrative safeguards to ensure full adherence to federal and state privacy laws across the entire provider network. Moreover, CirrusMD maintains its security and privacy programs in alignment with industry standards, evidenced by certifications such as ISO27001 and SOC2 Type II. These certifications attest to the thoroughness in the design and implementation of the company's policies and safeguards, ensuring they meet or surpass industry norms and are adaptable to evolving threats.

Compliance

FedRAMP Moderate Logo
FedRAMP Moderate
HIPAA Logo
HIPAA
SOC 2 Logo
SOC 2
TX-RAMP Logo
TX-RAMP

Documents

REPORTSNetwork Diagram
REPORTSOther Reports
REPORTSPentest Report
COMPLIANCESOC 2
COMPLIANCETX-RAMP
POLICIESAcceptable Use Policy
POLICIESAccess Control Policy
POLICIESAnti-Malicious Software Policy
POLICIESAsset Management Policy
POLICIESBackup Policy
POLICIESBring Your Own Device (BYOD) Policy
POLICIESBusiness Continuity/Disaster Recovery (BC/DR) Policy

Risk Profile

Data Access LevelRestricted
Impact LevelSubstantial
Recovery Time Objective24 hours
View more

Product Security

Audit Logging
Data Security
Multi-Factor Authentication
View more

Reports

Network Diagram
Other Reports
Pentest Report

Completed Security Questionnaires

We are working on our security compliance. We can provide completed questionnaires upon request.

Data Security

Access Monitoring
Data Asset Classification
Data Backups
View more

Product Security

Bot Detection
Code Analysis
Credential Management
View more

Legal

SubprocessorsAtlassian-company-logoAmazon Web Services (AWS)-company-logoSalesforce-company-logoGoogle-company-logoSlack-company-logo
Cyber Insurance
Master Services Agreement
View more

Data Privacy

Cookies
Data Breach Notifications
Data Into System
View more

Access Control

Access Log Management
Automated Account Management
Data Access
View more

Infrastructure

Status Monitoring
Amazon Web Services
Anti-DDoS
View more

Endpoint Security

Anti-Malware
Disk Encryption
Endpoint Detection & Response
View more

Network Security

Data Loss Prevention
Distributed Denial of Service Protection (Anti-DDoS)
DNSSEC
View more

Corporate Security

Asset Management Practices
Email Protection
Employee Handbook
View more

Policies

Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
View more

Security Grades

SecurityScorecard
cirrusmd.com
Security Scorecard A grade
Qualys SSL Labs
https://my.cirrusmd.com
B
BitSight
View more

Risk Management

Data Access/Impact Levels
Risk Assessments
Supply Chain Risk Management
View more

Asset Management

Asset Classification
Asset Inventories (Hardware/Software)
Asset Tracking
View more

Change Management

Change Advisory Board (CAB)
Change Control Board (CCB)
Change Management Program
View more

Continuous Monitoring

Automated Alert Response
Automated Compliance Monitoring
Event & Audit Log Management
View more
Knowledge Base (FAQ)
  • Is there annual, formal privacy awareness training for employees, contractors, volunteers, and other relevant parties as appropriate?
  • Does your company configure user accounts so that a password cannot be reset until the user's identity is verified?
  • Is there a documented process to annually review whether user access and authorization is still appropriate and granted to those with a business need?
  • Is a key management system (KMS) used to generate, distribute, and manage cryptographic keys?
  • Does your company have documented, approved, and established Business Continuity and Disaster Recovery (BCDR) programs that have been approved by management and communicated to appropriate constituents?
View more
If you need help using this Trust Center, please contact us.
Contact support
Built onSafeBase by Drata Logo