Compliance at ScheduleOnce

The ScheduleOnce security and privacy program is a multi-layer system of controls designed to comply with multiple regulatory frameworks and industry standards. We understand the importance of supporting our customers' regulatory needs, and ensuring that you are able to satisfy your compliance obligations. 
 

HIPAA compliant

ScheduleOnce complies with the stringent security and privacy policies required in the healthcare sector. We work with expert consultants to implement the policies and processes required to protect your data and satisfy HIPAA and the HITECH act. All electronic protected health information (ePHI) collected, stored, and distributed by ScheduleOnce is encrypted both at rest and in transit, ensuring the highest level of security. Companies that require HIPAA compliance can sign our Business Associate Agreement, which is available on request in our Enterprise plan. Learn more about HIPAA compliance
 

Privacy shield compliant

Privacy is at the top of our priority list. Many companies choose to self-certify their compliance without truly understanding the demanding requirements of modern privacy frameworks. At ScheduleOnce, we work with an experienced privacy consultancy firm to ensure we meet the highest privacy standards. Our Privacy Policy meets the VeraSafe certification criteria, and is compliant with the EU Privacy Shield.
 

Commitment to the GDPR

ScheduleOnce is committed to complying with the Global Data Protection Regulation (GDPR). Taking effect in May 2018, the regulation creates a unified privacy framework enforceable by all EU member states. The GDPR applies to organizations that process data associated with identifiable EU individuals, whether or not the business is based in the EU. We welcome the progress brought forth by this landmark regulation. At ScheduleOnce, we stand by the GDPR’s key principles, including breach notification, privacy by design, privacy by default, fairness and transparency. Learn more about the GDPR and the steps we are taking to become compliant
 

SOC 2 certified

ScheduleOnce understands that the security, confidentiality, and availability of your customers' information is vital to your business. Our controls and processes have been certified by one of the Big Four CPA firms. We have been audited by Ernst & Young for the SOC 2 Type 2 Report. Our controls have been monitored over a six-month period for both suitability and effectiveness. The SOC 2 report can be provided upon request

 

 

 

 

Rate this article