Security Policy

Security Policy

Security Policy

Security Policy

Updated: April 22, 2024
Updated: April 22, 2024
Updated: April 22, 2024
Updated: April 22, 2024
Network Controls

NeuroReef Labs manages, controls, and secures its networks, the connected systems, applications, and data-in-transit to safeguard against internal and external threats.

Firewalls & Threat Defense

NeuroReef Labs must utilize network firewalls, web application firewalls, and/or equivalent mechanisms to safeguard applicable internet connections, internal network zones, and applications from threats. NeuroReef Labs configures appropriate firewall alerts and alarms for timely response and investigation. This also applies to applicable wireless networks. 

NeuroReef Labs ensures networking ports and protocols are restricted based on the principle of least functionality. Ports and network routes should only be open when there is proper business justification. Firewall configurations and rulesets are maintained. Firewall rules are implemented to minimize exposure to external threats. Significant changes to network services and configurations should be tracked in accordance with the Change Management Policy. 

As an additional layer of defense, NeuroReef Labs utilizes monitoring solutions to detect and alert on network-based intrusions and/or threats.

Network Diagramming

Satwant Kumar maintains network and data flow diagrams. Diagrams are reviewed and updated when significant network infrastructure changes occur.

Network Access Control

In addition to the Network Security Policy, NeuroReef Labs establishes, documents, and reviews the Access Control and Termination Policy based on business and security requirements. This policy also encompasses network access control.

NeuroReef Labs segregates networks based on the required groups of information services, users, and systems.

NeuroReef Labs utilizes firewall configurations to restrict connections between untrusted networks and trusted networks.

Additionally, NeuroReef Labs may utilize security groups and network access control lists (NACLs) to improve network security for individual virtual machines.

Network Engineering

NeuroReef Labs implements security functions in a layered approach, minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers.

NeuroReef Labs utilizes a defense-in-depth (DiD) architecture to protect the confidentiality, integrity, and availability of information systems and data, i.e. placing information systems that contain sensitive data in an internal network zone, segregated from the DMZ and other untrusted networks. 

NeuroReef Labs synchronizes clocks of all applicable information systems to the same time protocol to enforce consistent and accurate timestamping.

Network Service Level Agreements (SLAs)

Security mechanisms, service levels and management requirements of all network services should be identified and included in network services agreements, whether these services are provided in-house or outsourced.

Exceptions

NeuroReef Labs business needs, local situations, laws and regulations may occasionally call for an exception to this policy or any other NeuroReef Labs policy. If an exception is needed, NeuroReef Labs management will determine an acceptable alternative approach.

Enforcement

Any violation of this policy or any other NeuroReef Labs policy or procedure may result in disciplinary action, up to and including termination of employment. NeuroReef Labs reserves the right to notify the appropriate law enforcement authorities of any unlawful activity and to cooperate in any investigation of such activity. NeuroReef Labs does not consider conduct in violation of this policy to be within an employee’s or contractor’s course and scope of work.

Any personnel who is requested to undertake an activity that he or she believes is in violation of this policy must provide a written or verbal complaint to his or her manager or any other manager of NeuroReef Labs as soon as possible. 

The disciplinary process should also be used as a deterrent to prevent employees and contractors from violating organizational security policies and procedures, and any other security breaches.

Responsibility, Review, and Audit

NeuroReef Labs reviews and updates its security policies and plans to maintain organizational security objectives and meet regulatory requirements at least annually. The results are shared with appropriate parties internally and findings are tracked to resolution. Any changes are communicated across the organization.

Contact Us

If you have any questions about this Privacy Policy or to report a privacy issue, please contact us in one of the following ways:

Email: info@neuroreef.com

Telephone: +1 (832)-906-2242

Write to us at:

NeuroReef Labs, Inc.

870 E El Camino Real #95, Mountain View, CA, 94040

Contact us today for a demo!

Save time during patient visits by letting us take notes for you.

Contact us today for a demo!

Save time during patient visits by letting us take notes for you.

Contact us today for a demo!

Save time during patient visits by letting us take notes for you.