Learn more in-depth knowledge about GreyMAR
GreyMAR’s datacenters are certified against many industry standards and regulatory requirements. We ensure the confidentiality and integrity of your data with industry best practices. And just like our customer support, our Security Team is on call 24/7 to respond to security alerts and events.
Physical Security & System Monitoring
Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multifactor identification with biometric access control, physical locks, and security breach alarms.
All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by GreyMAR staff.
Application Access Security
Secure Development (SDLC)
Engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors, and GreyMAR security controls & protocols.
Our QA department reviews and tests our code base. Several dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.
Testing and staging environments are separated physically and logically from the Production environment. No actual Service Data is used in the development or test environments.
Dynamic Vulnerability Scanning
We employ a number of qualified third-party security tools to continuously run dynamic scans of our Support and Chat applications against the OWASP Top 10 security flaws. We maintain a dedicated in-house product security team to test and work with engineering teams to remediate any discovered issues.
Static Code Analysis
The source code repositories for GreyMAR, for both our platform and mobile applications, are continuously scanned for security issues via our integrated static analysis tooling.
Product Security Features
Secure Credential Storage
GreyMAR follows secure credential storage best practices by never storing passwords in human-readable format, storing them only as the result of a secure, salted, one-way hash.
The GreyMAR API is SSL-only and you must be a verified user to make API requests. You can authorize against the API using either basic authentication with your username and password, or with a username and API token. OAuth authentication is also supported.
GreyMAR stores all documents securely using a multitude of encryption methods. We utilize an encryption-at-rest methodology that ensures documents stored on the physical file system are encrypted unless they are called by an authorized user in the application.
Double Encryption Protection
GreyMAR utilizes Google Cloud Storage (GCS) for primary protection of GreyMAR services, yet takes encryption to another level. All data is first encrypted by GCS handlers, then encrypted again by GreyMAR’s application. This means customer data is secured using a multitude of encryption methods and systems.
Additional product security features
Access Privileges & Roles
Access to data within GreyMAR and GreyMAR Server is governed by access rights, and can be configured to define granular access privileges. GreyMAR has various permission levels for users (Customer Administrator, Facility Administrator, Nurse, etc.).
All communications with GreyMAR servers are encrypted using industry-standard HTTPS over public networks. This ensures that all traffic between you and GreyMAR is secure during transit. Additionally, for email, our product supports Transport Layer Security (TLS), a protocol that encrypts and delivers email securely, mitigating eavesdropping and spoofing between mail servers.
For added security, your GreyMAR instance tracks the users signing into GreyMAR. When someone signs into an account, the sign-in is added to the audit log in the Audit Log module.
GreyMAR is built to uphold HIPAA compliance requirements and ensure the security of data traveling between computing systems. Our software was written with industry best practices in mind, along with additional safeguards to ensure there is no compromise at any point while data travels between GreyMAR’s web services and your facility.
EHR Provider to GreyMAR
GreyMAR connects via secure channels to EHR providers, using a plethora of secure methods. GreyMAR uses the highest security protocol made available by the EHR provider.
GreyMAR Cloud to You
The local GreyMAR Server reaches out securely over the GreyMAR API to the GreyMAR Cloud, requesting file transfer securely using a limited tokenized download system. Files are first packaged, encrypted using a non-relative key, then sent over a secured channel to the local device.
HTTP Strict Transport Security
HTTP Strict Transport Security (HSTS, RFC 6797) is a header which allows GreyMAR to specify and enforce security policy in client web browsers. This policy enforcement protects secure websites from downgrade attacks, SSL stripping, and cookie hijacking. GreyMAR fully supports HSTS protocols.
Transport Layer Security + 0-RTT
We employ the latest version of Transport Layer Security (TLS), 1.3, together with 0-RTT. 0-RTT allows the client’s first request to be sent before the TLS connection is fully established, resulting in faster connection times.
Transport Layer Security Requirement
We enforce strong cryptographic standards by requiring visitors’ browsers to employ the latest Transport Layer Security (TLS) protocol version.
GreyMAR employs a multi-layered hybrid firewall system that protects GreyMAR’s core services from Distributed Denial of Service attacks, Denial of Service attacks, and many other threats.
Edge + Origin Protection
GreyMAR utilizes Edge and Origin certificate techniques to prevent man-in-the-middle (MIM) attacks between nodes and customer browsers. This enhances security between GreyMAR and the customer.
The GreyMAR Origin servers employ Ghosting mechanisms to ensure attackers cannot see server locations, IPs, or information related to the GreyMAR service. This is handled by a multitude of commercial vendors and firewall technologies in place.