Security Practices

Security and Compliance Programs

Security Practices

Data Protection and Availability

Modivcare performs and monitors controls related to a consolidated Framework traversing our certification audit and with Sarbanes’s Oxley (SOX).

Risk Management Controls are continuously monitored through internal and external audits. Risk is first on our minds in the design and execution of our control’s environment.

Risk to Controls Mapping
Incident tracking connected to risks
Quarterly reassessment

Security Incident Management Controls ensures that interruptions to service are managed to our contractual requirements and that the impact on our customers is low.

Incident Response Plan (IRP)
Business Impact Assessment of Critical Systems
Business Continuity Disaster Recovery (BCDR) Plans for Critical Systems
Quarterly cybersecurity incident response tabletop exercises

Access Controls ensure systems are set up and monitored using the concept of least privilege. You will only see and touch what you need to in our systems.

User Access Management
Enterprise Single Sign On (SSO)
Adaptive Authentication

Personnel Security Controls ensure people are trained and competent.

100% Employee Background Checks
100% Completion of Annual Security Training
HOXHUNT Phishing Program

Third-Party Risk Management (TPRM) Controls protect our Company’s and customers’ interests, ensuring third parties are evaluated prior to providing goods or services

SOC1 and SOC2 Review
Pen Tests for our Products
Required Security Clauses in TPRM Contracts

For more information on controls related to Data Protection and Availability, please visit the tab above.

Request access to download our certifications