NEWFOLD DIGITAL INFORMATION SECURITY PROGRAM OVERVIEW

Newfold Digital and our subsidiaries (“we,” “us” or “Newfold”) maintain internal policies and have established reasonable controls to protect the confidentiality, integrity and availability of personal data while processing or within our control. 

Last update April 30, 2024.  

While Newfold provides security features and technologies that customers can use to protect their personal data, customers are solely responsible for taking appropriate risk-based measures to protect the security of their accounts and personal data.  Customers are responsible for ensuring that all content and information placed on Newfold provided services is free of vulnerabilities that could cause the loss of personal data or compromise Newfold systems or services.  Customers are responsible for backing up personal data. 

Where Newfold engages third parties to process data on its behalf, they do so in accordance with our written instructions under a duty of confidentiality, and they are required to implement appropriate technical and administrative measures to secure the data. 

Physical Security

Newfold implements risk-based controls and reasonable measures to ensure the physical security of its facilities, systems, and hosting environment.  Measures may include the following.

  • Newfold servers and infrastructure are located in secure facilities and data centers where access is limited to authorized personnel. 

  • Physical access controls are implemented and may include: security guards, fences, alarms, CCTV systems, badge readers, key locks, and visitor access controls.

  • Newfold facilities are monitored 24x7.

  • Newfold servers are isolated and secured within the data center in areas dedicated to Newfold equipment only.

  • Access to Newfold facilities are regularly reviewed to ensure only authorized users have access.

Network Security 

Newfold implements reasonable  security measures to protect the confidentiality, integrity, and availability of our networks used to process customer data. Measures may include the following. 

  • Newfold’s corporate network is protected from direct access to the public Internet. Controls such as next-generation and web application firewalls, intrusion prevention/detection systems, and denial of service mitigation solutions are strategically implemented.

  • Newfold requires that information is handled with appropriate levels of encryption and pseudonymization in accordance with our policies and standards and to comply with applicable laws. 

Customer Hosted Environment Security

Newfold implements risk-based controls to maintain a level of security for customer hosted environment consistent with terms and conditions. While Newfold provides security features and technologies that customers can use to protect their personal data, customers are solely responsible for taking appropriate risk-based measures to protect the security of their accounts and personal data.  Customers are responsible for ensuring that all content and information placed on Newfold provided services is free of vulnerabilities that could cause the loss of personal data or compromise Newfold systems or services.  Customers are responsible for backing up personal data. Security controls for customer hosted environments may include the following.  

  • Security controls implemented in customer hosting environments balance the need to protect the underlying infrastructure while enabling customers to use Newfold services to the fullest extent, consistent with terms and conditions.  

  • Newfold routinely reviews information on current security vulnerabilities, including vendor announcements and other industry sources. If applicable to Newfold’s environment, remediations are tested and deployed in a timely manner.

  • Customer hosting systems are monitored 24x7 for availability. Alerts generated by monitoring systems are responded to in a timely manner.

  • Customer hosting systems are monitored 24×7 for malicious activity. Alerts are reviewed, triaged, and responded to in a timely manner.

  • Administrative access to Newfold’s infrastructure is limited strictly to authorized users.  Individual usernames, passwords, and multi-factor authentication is enforced for all remote access. 

  • Newfold adheres to strong password guidelines, including complexity and minimum length requirements. Passwords are expired and changed on a regular basis.

Software Security

Newfold implements risk-based controls to maintain software security. Controls may include the following. 

  • Application code is subject to Newfold’s secure coding guidelines, which includes testing of functionality and business logic, and for security flaws. In addition, Change Management policies require code deployed to the production environment is appropriately tested, reviewed, and approved.

  • As part of Newfold’s compliance with the Payment Card Industry – Data Security Standard, regular security reviews are conducted on an ongoing basis. All vulnerabilities discovered are reviewed and addressed in accordance with internal procedures. 

Incident Management

Newfold implements procedures to provide for the ability to detect and contain a physical or technical incident and to restore the availability and access to personal data in a timely manner. The incident management program includes the following. 

  • Newfold maintains operations and cybersecurity incident response plans. Systems are monitored 24×7 and alerts are triaged according to internal procedures. Newfold maintains a third-party cybersecurity incident response organization on retainer.

  • The cybersecurity incident response plan is reviewed annually and tested periodically. 

Personnel Security

Newfold outlines appropriate safeguards and empowers personnel with awareness, training and accountability based on personnel roles and data access.  Safeguards may include the following.  

  • Newfold employment offers are contingent upon successful completion of a criminal background and reference checks, where allowed by law.

  • Upon commencing employment, all Newfold employees receive information security training and are contractually obligated to confidentiality clauses to ensure adherence to security and confidentiality.

  • Newfold’s information security awareness and training programs require employees to complete, at a minimum, annual security refresher training. 

Patch Management 

Newfold maintains a vulnerability and patch management program to ensure systems are patched against known security vulnerabilities within a reasonable time period.    

  • Where feasible, system components and software are protected from known vulnerabilities by applying the latest vendor-supplied security patches.

  • Newfold systems are updated per vendor recommendations and industry standards. 

Virus/Malware Management 

Newfold implements controls to detect, prevent, and remediate viruses and malware. The controls may include the following. 

  • Newfold uses up to date virus scanning software for detecting currently known malware.

  • Malware definitions are updated daily and installed as required.

  • Newfold systems and customer hosting environments are monitored 24×7 for malware infections. 

Questions 

Email [email protected] and we’ll get back to you as soon as we can.

Privacy | Cookie Settings | Do Not Sell My Personal Information | Report Ethical Hacking

Copyright© Newfold Digital Inc., All Rights Reserved.  

All registered trademarks herein are the property of their respective owners.

US Health Compliance Notice – Your Rights and Protections against Surprise Medical Bills
Transparency In Coverage BCBS