Healthy.io establishes and implements procedures to scan for vulnerabilities on its managed instances in the scope boundary. It implements vulnerability scanning on server operating systems, databases, and network devices with appropriate vulnerability scanning tools. It contracts with independent assessors to perform penetration testing of the Healthy.io boundary. The Healthy.io Security team regularly scans all Internet-facing service endpoint IP addresses for vulnerabilities and notifies the appropriate parties to remediate any identified vulnerabilities.
Healthy.io’s maintenance and system patching generally do not impact customers. It releases software updates using change and release management procedures through the release cycle. It deploys emergency out-of-band security software updates (0-day & Security Incident Response Process updates) as quickly as possible. An independent auditor has validated and certified that Healthy.io aligns with ISO/IEC 27001:2013 certification standards, and you can refer to annex a, domain 8 for additional details.