Security and Compliance
Security
Employee Awareness
At Locus Robotics, security resilience starts with people. Our top-down approach to security awareness education creates a holistic culture across all technical and non-technical departments. Employee awareness is the foundation for secure processes, practices, and technologies.
Assurance
Based on a principle of mature foundations, we build security into everything from our cloud customer portal to our robots executing instructions. We leverage the latest methods of encryption (in transmission and at rest). We continuously monitor the effectiveness of our controls, taking a continuous compliance assurance approach to mitigate risk across the product and service lifecycle.
Learn how to Secure Autonomous Mobile Robot Deployments in the Workplace
Security Incident Preparedness
Locus Robotics acknowledges and continuously prepares for security incidents through education and awareness efforts and by building security into our work processes and product. Our leadership has established and practices Incident Response processes, based on industry standards, to ensure that the proper decision-making steps are known and followed. We analyze and respond to events with the key priority of protecting our customers from any impact of an event.
Privacy
Our Guiding Principles:
- Our enterprise privacy and data protection framework is guided by global privacy regulations, including the General Data Protection Regulation (GDPR), and we comply with all applicable data privacy laws in the US and the countries in which we operate.
- We aim to be transparent with you about our policies and practices when it comes to the way we collect, process, and secure your data in our day-to-day operations.
- We invest continuously in our infrastructure and processes to provide our customers with robust and secure systems.
- We monitor the global regulatory landscape and adjust our program to meet new requirements as needed.
- We promote a culture of respect for, and thoughtful consideration of, privacy and personal data protection throughout Locus Robotics.
Should you have questions about our privacy programs, please feel free to contact us at info@americanmedrobotics.com.
To exercise your privacy rights, you may submit a request at https://americanmedrobotics.com/dsar
Compliance
SOC 2 Type II
Locus Robotics has achieved SOC 2 Type II compliance certification. Our public-facing SOC 3 report can be viewed here. The attestation is a confirmation of the suitability of the design and operating effectiveness of our internal controls stated for the scope of the report. Locus Robotics provides reasonable assurances that our service commitments and system requirements are achieved based on the trust services criteria relevant to security, availability, confidentiality and processing integrity set forth in the TSP 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).
Vendor Risk Management
To ensure a high level of customer service, a strong security foundation, and reliable business continuity, Locus Robotics has implemented a Vendor Risk Management process to evaluate third-party service providers that we partner with. The evaluation process considers: Cloud Architecture, Authentication, Application Security, Data Security, Privacy, Internal Controls, Certifications, and other security practices that add to a strong security program and dependable customer service.
Continuous Risk Mitigation
It is the policy of American Med Robotics to implement security measures and controls to protect the information systems environment and the privacy and confidentiality of protected information, to include financial, business, or other sensitive information for the Organization.
By adopting continuous security best practices, American Med Robotics ensures that risks are continuously addressed, evaluated, and mitigated. Our continuous risk assessment process covers the entire lifecycle of the business and operational processes. We consider risks to data, people, processes and technologies.
Data Protection
Ongoing Data Inventory
As part of American Med Robotics' compliance and privacy programs, on an annual basis, American Med Robotics reviews all the data that is captured, utilized, and stored. Our ongoing data inventory process includes the following actions:
- Mapping data processed: illustrating the data actions and associated data elements for systems and services.
- Documenting the categories of individuals (e.g., customers, employees or prospective employees, consumers) whose data are being processed.
- Mapping the data actions of the systems/products/services.
- Confirming the data processing environment is identified (e.g., geographic location, internal, cloud, third parties).
Data Governance
Data governance is where data security and privacy converge for a holistic approach to mitigating risk. We enforce the principle of least privilege, giving users only the data access they need to complete their job functions. We rigorously monitor user access with regular reviews to ensure comprehensive protection across the entire user identity lifecycle. Our data governance processes and practices cover the entire data lifecycle from creation to destruction.
Data Risk Assessment
Our Data Protection Risk Assessment process determines the threats to your regulatory-protected and sensitive data. We identify and categorize your data according to the severity of the risk involved and take the steps required to mitigate the risks and ensure continuous protection and compliance.
Safety Attestations
Certifications