Security Policy
The protection and security of client data is our top priority.
We authenticate and encrypt all channels of communication connected to our servers and all data is encrypted with private keys. This means that no one else can ever see your data, unless you grant them permission to access it. Whether the data is coming from you, a third party provider, or from our systems, we secure your stored data to keep it private, safe, and secure. Theranos develops its software products in a manner consistent with HIPAA, Title 21 CFR Part 11, and ISO 27001.
Theranos uses the following techniques to secure all data:
- Authentication All Theranos Software Products will require connecting machines or users to identify themselves and present credentials to validate their identity.
- Authorization Theranos Software Products will grant machines or users access to resources as appropriate.
- Auditing Theranos Software Products will keep an audit trail tracking all accesses to sensitive data.
- Data Privacy Theranos Software Products will encrypt all sensitive data when transmitted on an untrusted connection and when stored in any database, log, or URL.
- Data Integrity Theranos Software Products will transmit and store sensitive data with additional signatures and will check those signatures so that any tampering of sensitive data will be detected. Furthermore these software products will require sensitive data entered or modified by users to be explicitly signed by those users.