Yes, Steno Possesses SOC 2 Type II and HIPAA Compliance
We created Steno Connect to meet the needs of attorneys taking depositions where all parties are in remote locations. Steno Connect combines videoconferencing and exhibit sharing in one convenient web application to eliminate confusion and maximize usability.
Steno built a product that could accommodate participants operating under the most stringent security requirements. Steno has secured System and Organization Controls (SOC) 2 and Health Insurance Portability and Accountability Act (HIPAA) compliance.
Steno also adheres to standard security practices for developing our applications, infrastructure, and network.
Security Considerations and Requirements
Our in-platform On and Off Record features are controlled only by a Steno-appointed technology assistant and the court reporter.
Any document shared during the session is stored securely on Amazon Web Services (AWS). AWS is a secure, durable technology platform with industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, FedRAMP, HIPAA, and SOC 1 (formerly referred to as SAS 70 and/or SSAE 16) and SOC 2 audit reports. AWS services and data centers have multiple operational and physical security layers to ensure the integrity and safety of your data.
All data to and from our system is encrypted, and all data stored in our database is encrypted.
We incorporate best practices from the Open Web Application Security Project (OWASP) at the application tier. OWASP is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in web application security. Following these practices ensures we are not introducing coding vulnerabilities during our software development process.
Steno Connect was created with Twilio, a product certified under ISO/IEC 27001, an international standard for managing information security. Additionally, our in-house software engineering team rigorously optimizes Steno Connect, bringing a wealth of knowledge in information security protocols.
We built our operations system on a product guided by ISO/IEC 27017 and ISO/IEC 27018, internationally recognized codes of practice addressing cloud-specific information security threats and the protection of personally identifiable information.