Runbook

health operations OS

Legal

Security

Our security practices and certifications.

Security posture

The controls, standards, and response practices behind the platform.

Security is treated as a foundational part of the operating model, with technical controls, certification efforts, and incident response processes designed to protect customer data and system integrity.

Focus 01

Independent standards and certifications support the security program.

Focus 02

Controls span encryption, access management, and infrastructure security.

Focus 03

Incident response and responsible disclosure channels stay available.

Document map

Security at a glance.

Review the main commitments, controls, and responsibilities captured in this document before diving into the full policy detail below.

01

Commitment to security

Runbook.health treats security as a top priority and maintains broad security practices intended to protect customer data and preserve trust in the platform.

02

Certifications and compliance

The security program is informed by common security and privacy standards that support customer assurance and operational discipline.

03

Data protection controls

Core safeguards include identity controls, technical protections, and regular validation of the environment.

04

Incident response and disclosure

A dedicated incident response capability supports security handling and vulnerability reporting. Security inquiries and responsible disclosure reports can be sent to security@runbook.health.

Commitment to security

Runbook.health treats security as a top priority and maintains broad security practices intended to protect customer data and preserve trust in the platform.

Certifications and compliance

The security program is informed by common security and privacy standards that support customer assurance and operational discipline.

SOC 2 Type II
HIPAA alignment
ISO 27001
GDPR alignment
Encryption in transit and at rest

Data protection controls

Core safeguards include identity controls, technical protections, and regular validation of the environment.

Role-based access controls
Multi-factor authentication
Security audits and penetration testing
Secure data centers with continuous monitoring

Incident response and disclosure

A dedicated incident response capability supports security handling and vulnerability reporting. Security inquiries and responsible disclosure reports can be sent to security@runbook.health.

Need clarification?

Need a security conversation?

For security questionnaires, disclosure reports, or deeper security discussions, contact security@runbook.health.

Contact our team