SaraWorks Security

SaraWorks is designed with security in mind, offering various security features and compliance certifications to safeguard sensitive information. 

Our security measures include robust compliance, accessibility, architecture and data security protocols, ensuring that users and agencies can safely and securely use the platform.

Security & Accessibility Compliance

SaraWorks demonstrates a commitment to security and accessibility by meeting compliance thresholds set by outside evaluators and by obtaining various certifications.  We view compliance as a demonstration of our commitment to security.

  • HIPAA Certified (Health Insurance Portability and Accountability Act), meaning that staff can safely communicate personal medical information via Sara
  • 508 compliant
  • NIST 800-53 compliant 
  • WCAG 2.1 compliant, meaning all users can access the platform regardless of their abilities
  • Permanent Authority to Operate (ATO) from the VA, passing stringent Federal security requirements

Security Architecture

Sara is a cloud-based application residing on the AWS GovCloud, only available to U.S. entities that can meet AWS’s stringent security requirements for government-related applications.  Other security benefits of our system architecture include:

  • Sara is a cloud-based application hosted in the ultra-secure, FedRAMP approved AWS GovCloud, a service only available to U.S. entities that pass a stringent screening process.
  • SOC 2 Type 2 audit report
  • The REST API and Windows service for data transfer between Sara and an agency CMS are located behind the SaraWorks firewall and respond to incoming data requests only. 

Data Security

SaraWorks places a high priority on data security, implementing strong encryption protocols and two-factor authentication to protect against unauthorized access.

  • Qualys SSL Labs A rating, meaning very strong data security protocols
  • Two-Factor Authentication (2FA) is included in SaraWorks to add an extra layer of security
  • PII data is encrypted using 256-bit encryption algorithms both in transit and while at rest
  • SaraWorks provides a utility that can be installed behind an agency’s firewall, which communicates with the SaraWorks API using an encrypted HTTPS protocol.  The communication is allowed only if all values match.
