SECURITY
Security is our responsibility — and our pledge to you
We safeguard your data through a modern, intelligent, and integrated cybersecurity program built on automation, continuous monitoring, and a culture of proactive protection.
Our mission is simple.
We protect our customers by stopping attackers in their tracks. And we always err on the side of caution — blocking potential threats first and investigating second.
We’re here to serve you.
OnCon Icon Top 50 Information Security Team Award
The Clearinghouse’s cybersecurity team was twice selected as a Top 50 Information Security Team as part of the esteemed OnCon Icon Awards, which celebrate outstanding achievements of top organizations and teams worldwide. This prestigious recognition is determined through peer and community voting, which recognizes teams that have made a significant impact. It reflects our cybersecurity team’s dedication to excellence, innovative practices, and leadership within cybersecurity that has made them a top-performing team.
How we protect your data
Our data protection strategy
Our strategy involves using the latest technologies to defend and protect your data. We measure every facet of our program against multiple globally accepted, high-standard frameworks, including AICPA’s SOC2 Type 2, NIST Cybersecurity Framework, Lockheed Martin’s Cyber Kill Chain®, and MITRE’s ATT&CK® (Adversarial Tactics, Techniques, and Common Knowledge). We also partner with industry leaders to proactively hunt for any threats and identify risks that might impact the security of your data.
Key data protection practices
1. Encryption:
We encrypt all data at rest and in transit.
2. Access Controls:
Our security program is aligned with zero-trust: we trust no device or identity’s request for access until it is vetted and authorized. All Clearinghouse access is controlled by either passwordless or multi-factor authentication. Access to our cloud environments is further restricted with highly secure bastion services. Finally, we rigidly follow the principle of least privilege with robust role-based access.
3. Monitoring & Detection:
We leverage two 24/7 managed security services that proactively monitor and hunt for threats against our environment. Each month, our top-tier Security Incident Event Management (SIEM) tool ingests billions of security events, enabling rapid detection of threat activities and deeper insights into suspicious activity.
4. Incident Response:
We approach incident response with an “assume breach” mindset, which is a proactive cybersecurity strategy where we continuously monitor and act on suspicious activity. We further facilitate incident response actions via rapid response protocols, hundreds of automated playbooks, and in-depth planning and training exercises.
5. Data Backups & Recovery:
We follow industry best practices by performing regular backups, frequently testing our disaster recovery plans, and implementing continuous improvement.
6. Intelligence-Driven Defense Framework:
We employ Lockheed Martin’s Cyber Kill Chain® to break down, understand, and proactively defend against each stage of a cyberattack, making it harder for unauthorized users to gain access.
Enterprise-wide security training
Security is embedded into the Clearinghouse culture
- Our Chief Information Security Officer holds the Certified Information Systems Security Professional (CISSP) certification, recognized as the “gold standard” in cybersecurity.
- Every member of our cybersecurity team is certified in the security field.
- Our robust security awareness program is run by an all-volunteer, cross-departmental Security Awareness Ambassadors team. As a result of their efforts, the average click rates for Clearinghouse’s phishing training campaigns are a fraction of those realized by other companies.
- We use NINJIO®, a cybersecurity awareness training platform that reduces human-based security risks, to educate all our employees on how to identify and avoid cyber threats.
- Throughout the year, we provide learning opportunities on how to improve security at work and at home, making cybersecurity awareness personal, memorable, and actionable for all our employees.
