Security Practices
How we protect your data and our systems
Our Commitment
Security is foundational to everything we build. As a software studio serving public health organizations, we hold ourselves to the highest standards of data protection and operational security.
All client systems are built to meet or exceed HIPAA, PIPEDA, PHIPA, HIA, and PIPA BC requirements as applicable to each engagement.
Compliance & Certifications
- Full compliance for protected health information handling
- Audited controls for security, availability, and confidentiality
- Certified information security management system
- PIPEDA, PHIPA, HIA, and PIPA BC compliant
Infrastructure Security
- All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Cloud infrastructure hosted in SOC 2 certified data centers
- Network segmentation and firewall rules enforced at all layers
- Automated vulnerability scanning and dependency monitoring
- Regular penetration testing by independent third parties
Application Security
- Secure software development lifecycle (SSDLC) for all projects
- Code review required for all changes before deployment
- Role-based access control (RBAC) with least-privilege principles
- Multi-factor authentication enforced for all administrative access
- Comprehensive audit logging for all data access and modifications
Operational Security
- Background checks for all team members handling sensitive data
- Security awareness training conducted regularly
- Incident response plan with defined escalation procedures
- Business continuity and disaster recovery plans tested annually
- Automated backups with encrypted off-site storage
Responsible Disclosure
If you discover a security vulnerability in any Catalyst system, please report it to info@catalystdataintelligence.com. We take all reports seriously and will respond promptly.