Security & Compliance

Enterprise security for healthcare procurement

Built from the ground up to meet the security and compliance requirements of hospital organizations. No shortcuts.

Security Posture

How we protect your data

Six pillars of our security architecture, designed for healthcare procurement environments.

Encryption

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Encryption keys are managed through a dedicated key management service with automatic rotation.

Access Control

Role-based access control (RBAC) ensures users see only the data relevant to their function. Support for SSO via SAML 2.0 and OIDC. Multi-factor authentication available for all accounts.

Audit Logging

Every system action — logins, data access, configuration changes, flag resolutions — is logged with timestamps, user identity, and action details. Logs are immutable and retained per your policy.

Least Privilege

System components operate with the minimum permissions required. Service accounts are scoped to specific functions and reviewed regularly. No shared credentials.

Data Minimization

EnVision processes only the procurement data necessary for pricing analysis. We do not access or store patient health information (PHI). Data retention follows your organization's policies.

Infrastructure Security

Hosted on SOC 2 Type II certified cloud infrastructure with network segmentation, intrusion detection, and automated vulnerability scanning. Regular penetration testing by independent third parties.

Hosted on enterprise-grade infrastructure

SOC 2 Type II certified cloud environment with network segmentation, intrusion detection, and continuous monitoring.

Compliance

Standards and frameworks

SOC 2 Type II: Compliant
HIPAA (BAA available): Supported
HITRUST CSF: Aligned
NIST 800-171: Aligned

For detailed compliance documentation or to request our SOC 2 report, please contact security@envisionprocure.com

Healthcare data privacy and security

We do not access patient data

EnVision processes procurement and supply chain data only — purchase orders, contracts, vendor catalogs, and pricing information. We do not access, process, or store protected health information (PHI) or electronic health records (EHR).

Questions about security?

Our security team is available to discuss your organization's specific requirements.