Our Commitment to Data Security

CSS understands the importance of information security and respondent confidentiality.

Due to the nature of our work we commonly deal with Protected Health Information (PHI), the handling of which falls under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.

We have fully documented our policies and procedures to help ensure data privacy and security. In February 2013, CSS successfully completed a SOC 1 Type 2 review during which our privacy and security policies, our data management systems, and our IT infrastructure were tested by an independent third party auditor. Among the many precautions in place:

• All CSS employees must undergo annual data security training
• All CSS employees must undergo background checks and sign confidentiality agreements
• Disaster recovery plans are in place and tested regularly
• All data transmissions are tracked automatically
• Project data access is limited to only those employees identified by CSS's Chief Security Officer as working on that specific project
• All employees receive training in CSS policies prior to receiving access to PHI, and only employees who need access to PHI are granted those rights

We are happy to furnish our complete policies and procedures upon request.

More About Us

• About CSS
• Our Team
• Our History
• Our Commitment to Data Security
• Employment Opportunities