Data Encryption
Encrypted at every layer
All data handled by Valiance Health is protected with industry-standard encryption, whether it's moving between systems or stored at rest.
Encryption in transit
All data in transit is protected using TLS 1.3, the latest industry standard for secure communications between clients and our servers.
Encryption at rest
All stored data is encrypted using AES-256, a military-grade encryption standard widely adopted across enterprise and government systems.
Customer data ownership
Customers retain full ownership and control of their data. Valiance acts as a data processor, operating under BAAs (HIPAA) and DPAs (PDPA) as applicable.
Access Controls
Strict access management
We enforce rigorous controls to ensure only authorised individuals can access systems and data.
Multi-factor authentication
MFA is enforced across all internal systems and employee accounts to prevent unauthorised access even if credentials are compromised.
Role-based access control
Access to systems and data is granted on a least-privilege basis. Employees only access what they need to perform their role.
Audit trails
Full data lineage and audit trails are maintained from source to output, providing complete traceability across all operations.
Infrastructure
Built on secure, compliant cloud infrastructure
Valiance Health runs on Amazon Web Services (AWS), with dedicated regional infrastructure to meet data residency requirements.
- Hosted on AWS with enterprise-grade physical security
- Malaysian client data processed within AWS Asia Pacific (Malaysia) region (ap-southeast-5)
- US client data processed within AWS US East (Ohio) region (us-east-2)
- Multi-tenant isolation with enterprise-grade separation between client environments
- Data residency options available for international clients on request
- Version-controlled schema evolution and data lineage tracking
Compliance
Regulated across multiple frameworks
We maintain compliance with all major healthcare and data protection regulations across the regions we operate in.
United States
We operate as a Business Associate under HIPAA where applicable and enter into Business Associate Agreements (BAAs) with covered entities.
Malaysia
We comply with the Personal Data Protection Act 2010 (PDPA) of Malaysia across all seven PDPA principles including security, retention, and access.
Type II Certified
Valiance Health maintains SOC 2 Type II compliance, demonstrating our commitment to security, availability, and confidentiality controls.
Security Testing
Continuously tested and validated
We proactively test our systems to identify and remediate vulnerabilities before they can be exploited.
Penetration testing
We conduct regular third-party penetration tests across our platform and infrastructure to identify and remediate security vulnerabilities.
Security assessments
Regular internal and external security assessments are conducted to validate our controls and identify areas for improvement.
Employee training
All employees receive regular security awareness training covering data protection, phishing prevention, and secure handling of sensitive information.
Incident Response
Prepared for the unexpected
We maintain a comprehensive incident response programme to detect, contain, and communicate security incidents swiftly.
- Documented incident response and breach notification procedures
- Defined escalation paths and response team responsibilities
- Customers notified promptly in the event of a security incident affecting their data
- Post-incident review process to prevent recurrence
- Procedures align with HIPAA breach notification requirements (45 CFR § 164.410)
- Regular tabletop exercises to test incident readiness
Contact
Security questions or concerns?
Reach our security team
For security disclosures, compliance questions, or to request a copy of our security documentation, contact us directly.