Independent Assurance
Cell-Ed completes a SOC 2 Type II examination. To help prevent uncontrolled distribution, the report is available on request only.
Need it for due diligence? Use the form below.
HIPAA Compliance
We operate a HIPAA-aligned security and privacy program and execute BAAs with covered entities and business associates.
HIPAA • Security Rule • Privacy Rule
Clear Policies
Our policies below describe how we secure data, manage risk, and respond to incidents.
We publish summaries for transparency; full documents are provided on request.
Policies
High-level policy summaries are provided below. Full policies are provided at request.
Access Control Policy
Principle of least privilege, strong authentication for privileged roles, and regular access reviews across production and corporate systems.
Asset Management Policy
Hardware/software assets are inventoried with ownership, lifecycle tracking, and deprovisioning controls to prevent data leakage.
Business Continuity & Disaster Recovery Plan
Documented continuity strategies, recovery objectives, and regular tests to maintain availability during significant disruptions.
Data Management Policy
Data classification and handling rules for public, internal, and sensitive data, including encryption and retention/disposal expectations.
HIPAA Compliance Policy
Administrative, technical, and physical safeguards aligned to HIPAA requirements. BAAs available for covered entities and business associates.
HIPAA Workstation Security Policy
Endpoint protection standards for systems that may access PHI, including encryption, access controls, and session timeout requirements.
Incident Response Plan
Formal incident lifecycle: detection, triage, containment, eradication, recovery, and post-incident review with executive escalation paths.
Incident Response Plan — HIPAA Addendum
HIPAA-specific breach assessment and notification procedures layered on top of the core incident response program.
Information Security Policy (AUP)
Acceptable use and baseline security expectations for workforce members, contractors, and systems accessing company resources.
Information Security Roles & Responsibilities
Defined governance structure with leadership oversight, operational ownership, and clear accountability for security outcomes.
Operations Security Policy
Operational safeguards including change control, environment segregation, hardening, backups, monitoring, and vulnerability management.
Risk Management Policy
Structured identification, assessment, and treatment of risks with tracking in a risk register and regular reassessment cadence.
Secure Development Policy
Secure SDLC practices: peer review, security review, testing before release, and controls for third-party/outsourced development.
HIPAA Compliance
We support HIPAA compliance across our platform, including safeguards aligned to the Security and Privacy Rules. Business Associate Agreements (BAA) are available on request.
Need a BAA? Email us.