SECURITY & COMPLIANCE

We’re focused on data security and governmental compliance.

Every govWorks product and service is secured using 256 bit TLS encryption, hosted on government tier server infrastructure, which is routinely audited to verify the integrity of our system. Rest assured, protecting your privacy is our top priority.

Customer Privacy

Your personal information stored on the govWorks platform is available for use only during application processing. All data and documents uploaded to govWorks are kept private and can be viewed, edited, or signed by users or others as you direct. Protecting your privacy is our top priority. We will never share your personal information with non-applicable 3rd parties.

Operational Protection

We implement best practice solutions, resulting in a secure environment that maintains a secure audit trail of all events occurring throughout the system.

Security Process

Our security management process is based on the ISO 27001 standard combined with the policies and procedures recommended by NIST.

Physical Security

We chose AWS primarily because of their ongoing commitment to provide the highest possible security standards in a cloud hosted solution.

We work closely with the U.S. Department of State to make sure our process and procedures are up to standard.

Infrastructure Considerations

We have architected a fully N-modular redundant system designed to scale to any number of users and handle any significant outage. With no masters or single point of failure, our distributed system is built upon modern clustering technologies to ensure high availability. The govWorks engineering team has taken every measure to ensure the network and server infrastructure remains resilient and secure.

Encryption Layers

At minimum, personal information is encrypted at rest using 256-bit Advanced Encryption Standard (AES). This is the same level of encryption recommended by NIST and the NSA. In an industry first, setting security questions on your account encrypts data using our ephemeral protocol, ensuring information is only accessible by you during your order process according to our Information Lifecycle Management (ILM).

Agile SDLC

All potential code releases are subject to security review, performance assessment, and a risk analysis before being scheduled for deployment.

Service Level Agreement (SLA)

We have customer support agents available 24/7 to assist with any issue that may arise, along with an on-call rotation of engineers.

Ephemeral Cryptography

Personal information in the govWorks platform is available only during application processing. Encrypted data is only available to us while processing orders.

Compliance Standards

ISO 27001/27018

We comply with ISO/IEC 27001 and ISO 27018, which is the only auditable international standard, and defines the requirements for an Information Security Management System (ISMS). The standard is designed to select adequate and proportionate security controls.

Our hosting facilities comply with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Dept of Commerce regarding the collection, use, and retention of personal information from EU member countries and Switzerland.

govWorks utilizes the secure AWS environment to process, maintain, and store protected information. AWS enables the use of their certified infrastructure to covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store, or transmit credit card information maintain a secure environment on an ongoing basis.

Learn more about how we can help transform your business with our technology platform.