Security is built into every component of our platform and our information security team continually monitors and adapts to a changing threat landscape. Our processes align with the most rigorous industry standards and certifications, including those listed below.
Protecting Data and Systems
Our Movement Health Platform (MHP) is hosted on the AWS cloud platform. The consumer-facing application and application programming interfaces (APIs) are protected with industry-standard SSL certificates, with TLS 1.2+ connections enforced. All communication between MHP components is encrypted. Additionally, the database is protected with encryption.
All cloud storage is encrypted with strong encryption algorithms, and all data transfers are encrypted. The Sparta Cloud infrastructure isolates application tiers, with strict, centralized user and information access management and auditing.
Sparta Science logs all operations performed on the application, and we use a SIEM for proactive threat monitoring and alerting. Our team performs continuous application code and host vulnerability scans, periodic network vulnerability scans, periodic system patching, and periodic mandatory penetration testing. In doing so, we aim to comply with information security regulations imposed by the Health Insurance Portability and Accountability Act (HIPAA), NIST SP 800-53 rev.4, and NIST 800-171 publications.
The platform is compliant with the HECVAT requirements, which makes it available for educational institutions. Sparta Science also uses the Voluntary Product Accessibility Template (VPAT) to evaluate its MHP accessibility rating.
As a necessary part of its engagement with the U.S. government, Sparta Science is actively working towards achieving Information Level (IL) 5 and FedRAMP Moderate accreditation for MHP through Palantir's FedStart offering. Through FedStart, Sparta Science's apps will run on Palantir’s accredited infrastructure.
We work with outside partners such as Vanta to ensure continuous compliance with enterprise information security and data privacy standards. Check out our Trust Report to see how invested we are in protecting our systems and our customers' data.
Sparta Science has implemented a sophisticated vendor management program to ensure partners adhere to strict security protocols.
We maintain comprehensive information security and privacy policies across the organization.
Awareness and Training
The Sparta Science team regularly performs cyber-security awareness and data privacy training.
Emergency Recovery Plan
A well-defined business continuity plan and disaster recovery plan are in place and continually reviewed.
TAA Compliant and FDA Compliant
We are internally implementing TAA and FDA compliance protocols.
Data Privacy and Confidentiality
We do not sell consumer information to third parties for any purpose. Sparta Science honors consumer requests to delete their data, stop the processing of their data, or perform data export. We aim to comply with industry-recognized data privacy programs, such as the California Consumer Privacy Act (CCPA). Contact info@spartascience for more information.
Take a Look Under the Hood
The Sparta Science platform enables a systematic, data-driven approach to assessing and understanding organizational Movement Health. Built to leverage generated and ingested Movement Health data, it delivers novel insights in real time and gets smarter over time.