maiData Corporation

Security information for maiData Corporation.

General

  1. Business name? maiData Corporation.

  2. Correspondence address? PO Box 50989, Palo Alto, CA 94303-0989, USA.

  3. Executive or Officer responsible for incident response? Adam Zenner, CTO and CISO.

  4. Executive or Officer responsible for information security? Adam Zenner, CTO and CISO.

  5. Has maiData ever experienced a data breach? No.

  6. Level of cyber liability insurance? $3M / $1M per incident.

  7. Location of maiData employees? maiData has a US-based virtual team.

  8. Number of employees? 6 full-time, 8 contract.

Compliance

  1. Does maiData maintain FedRAMP? Not directly, but our provider AWS does.

  2. Does maiData maintain HIPAA? Not directly, but our provider AWS does.

  3. Does maiData maintain HITRUST? Not directly, but our provider AWS does.

  4. Does maiData maintain ISO 27001:2013? Not yet, but our provider AWS does. maiData follows ISO 27001:2013 guidance and is in the process of adhering to this standard.

  5. Does maiData maintain NIST? Not directly, but our provider AWS does.

  6. Does maiData maintain PCI Compliance? Not directly, but our provider AWS does.

  7. Does maiData maintain SOC 2 Type 2? Not directly, but our provider AWS does.

  8. Does maiData maintain SOC 3? Not directly, but our provider AWS does.

  9. Does maiData maintain SSAE 16 / SOC 1 Type 1? Not directly, but our provider AWS does.

  10. Does maiData maintain SSAE 16 / SOC 1 Type 2? Not directly, but our provider AWS does.

Data Privacy

  1. Do maiData team members have access to Customer PHI or PII data? No, unless viewed in the course of providing technical support to a Partner, who controls that access. A Partner may request that maiData enter into a BA agreement with that Partner, whose deployed systems may contain PHI data.

  2. Do maiData team members have access to Partner data? Yes, but limited. maiData has access to Partner billing information and contact information necessary for providing maiLink products and services. maiData has no access to other Partner data unless specifically requested to provide technical support to the Partner, who controls that access.

  3. Does maiData maintain policies and procedures for access control? No, but maiData is in the process of developing such policies and procedures for conformance with ISO 27001:2013.

  4. Does maiData share Customer data with any third party? No.

  5. Does maiData share Partner data with any third party? With the permission of the Partner, maiData may publish the fact that Partner uses maiLink software and quotes about the Partner’s experience in using maiLink software.

Incident Management

  1. Does maiData have a comprehensive Incident Response Plan? Yes, it is being developed as part of our ISO 27001 process.

  2. Does maiData have an incident handling process? Yes, it is being developed as part of our ISO 27001 process.

  3. Does maiData report security incidents to the appropriate personnel / government authorities in a timely manner? Yes.

  4. Does maiData respond to information spillage in a timely manner? Yes. Any spillage is treated as an incident.

  5. Does maiData track and document security incidents? Yes.

  6. Does maiData use incident response resources outside of the incident response team? No.

Quality Policy

  1. Does maiData document and monitor security training for its employees? Yes.

SDLC Procedures

  1. Are maiData information security functions outsourced? No.

Security Policy

  1. Does maiData adhere to information system security engineering principles throughout the Product Development Lifecycle for its products? Yes.

  2. Does maiData assign risk designations to all positions? Yes.

  3. Does maiData enter into BA agreements with Customers? Only if requested by the Customer.

  4. Does maiData enter into BA agreements with Partners? Yes.

  5. Does maiData establish screening criteria for individuals filling positions of higher risk levels? Yes.

  6. Does maiData have BAAs in place? Yes, as necessary.

  7. Does maiData maintain a formal incident response policy? Yes.

  8. Does maiData maintain policies and procedures for System and Communications Protection? No, but we will be developing these as we move towards ISO-27001:2013 conformance.

  9. Does maiData maintain policies and procedures for System and Information Integrity? No, but we will be developing these as we move towards ISO-27001:2013 conformance.

  10. Does maiData maintain policies and procedures for System and Services Acquisitions? No, but we will be developing these as we move towards ISO-27001:2013 conformance.

  11. Does maiData maintain SOC 2 Type 1? Not yet, but our provider AWS does. maiData follows SOC 2 Type 1 guidance and is in the process of adhering to this standard.

  12. Does maiData perform background checks on its employees? Yes, for full-time employees with access to maiData Information Systems.

  13. Does maiData perform incident response tests and analyze the results of those tests? No.

  14. Does maiData review and revise position risk designations periodically? Yes. Every three years.

  15. Does maiData support the capability to use cryptographic mechanisms to protect information at rest? Yes.

  16. Is flaw remediation incorporated into the maiData configuration management process? No, but we will be developing these as we move towards ISO-27001:2013 conformance.

  17. What cryptographic mechanisms and strengths does maiData employ to protect information at rest? AES 128-bit.

Training

  1. Are maiData team members HIPAA trained? Yes.

  2. Are maiData team members PHI trained? Yes.

  3. Are maiData team members PII trained? Yes.

  4. Are maiData team members provided with incident response training? Yes.

  5. Do maiData personnel receive role-based security training? Yes.

  6. Do maiData personnel undergo periodic security awareness training? Yes.

  7. Does maiData maintain policies and procedures for Personnel Security? Yes.